r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96367f956a4177aec7e7e80221539d58
8dcad10fde96c139d1ef212388cb6755fe3fe077
f4f9bdb5180359dfd734cef1e6f1b54bc9d8f72cae557366eb74f22100b94dc4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4F9BDB5180359DFD734CEF1E6F1B54BC9D8F72CAE557366EB74F22100B94DC4"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12143
Expires: Fri, 16 Dec 2022 12:57:58 GMT
Date: Fri, 16 Dec 2022 09:35:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4a5e9bc8b7891ac5f4552c29bcbaedb0
39735081eeb64eae477c61c1147daeb68fb37b22
c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18072
Expires: Fri, 16 Dec 2022 14:36:47 GMT
Date: Fri, 16 Dec 2022 09:35:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5b38399fcc8246505e5e6b0f62803a5a
bb374f8d97b2bd798873d74c6bbab20ad6843e96
406ab3af8adf2b151c052a06c0379fd8d83d3362e90c17ac2e5481b6b9a7441f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406AB3AF8ADF2B151C052A06C0379FD8D83D3362E90C17AC2E5481B6B9A7441F"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20092
Expires: Fri, 16 Dec 2022 15:10:27 GMT
Date: Fri, 16 Dec 2022 09:35:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 16 Dec 2022 09:34:00 GMT
content-type: application/json
age: 95
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gyFmMN1elRyLAJM8IXsjbUX4Oe7f+WE4q97Dhmw7QOtQuPazZnQvdUVMV8G4VtpaGX0F7vwpWvU=
x-amz-request-id: QRPGVHS0Z7NXPR22
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 16 Dec 2022 08:53:09 GMT
age: 2546
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
czjilce-aqg-6.tk/nene/login.globalsources.com/error.php?email=
162.241.87.224200 OK 12 kB URL HTTP/1.1 czjilce-aqg-6.tk/nene/login.globalsources.com/error.php?email=
IP 162.241.87.224:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
Hash 2a23682e6c344b2d2b01dc13d0e8c2ff
7373290b4cce98841e2e4c72baf57971cc55e68e
f6de24cb3a3a13acc164ec1d88c628c6bbe7280c7082c50f97bce4e4df3578e9
Analyzer Verdict Alert openphish Global Sources (HK)
fortinet Phishing
quad9 Sinkholed
GET /nene/login.globalsources.com/error.php?email= HTTP/1.1
Host: czjilce-aqg-6.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 09:35:35 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 09:35:35 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 16 Dec 2022 09:33:23 GMT
age: 133
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b9f0adeb27a19629aeff6f34de67f3ad
3876d1b871d7da6d18de23c2edb301eb30728066
c5744a90c8f66629aa2331465a32afe0d430b36d16fd98bc821e370f1b24463c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1974
Cache-Control: max-age=86658
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:36 GMT
Etag: "639ae3b4-1d7"
Expires: Sat, 17 Dec 2022 09:39:54 GMT
Last-Modified: Thu, 15 Dec 2022 09:07:00 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.217.163101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.217.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: l/1HUYE6aKJWfSH4+ERWkQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zCUnGZ6df0H3ZiiWaPvamYiXSHA=
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
107.154.199.39200 OK 4.7 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash f68d2d065e34993ce6e4b832737c7147
8e799c63bd8292de2f320b8afa23524107773266
b0501c9294231206d2aeb28e8bbd622910de7fc139e02756dc339cb9a68d017f
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: image/jpeg
content-length: 4667
set-cookie: AWSALBTG=9e+KRrH80pGgBNkru2JCG7BA47ea1AZWZv1lLW7/08MJFZh/dSht5EihL4m+qDzAaDLV1kVsemMBQJyBe3afJj6h8Wq7wj9VNLjnNx5w0TeKVLs9fIM6UzvFw1kO+163QecJV40NFFPK2FGFee8q/i6KcBk4b2NThDdM4oirppVL; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=9e+KRrH80pGgBNkru2JCG7BA47ea1AZWZv1lLW7/08MJFZh/dSht5EihL4m+qDzAaDLV1kVsemMBQJyBe3afJj6h8Wq7wj9VNLjnNx5w0TeKVLs9fIM6UzvFw1kO+163QecJV40NFFPK2FGFee8q/i6KcBk4b2NThDdM4oirppVL; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=zDX7JYZOMSMSZ54//VsnXT3KF0YWMyW2ix0bl8cWObum1MtSWOFwq7ZYwL9h1DhoeukIBGjMilwUMO2zzPhACWhQ8Kjrj21NNNFCRhj5W+mR6XE9xBXz1wyUM2H8; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=zDX7JYZOMSMSZ54//VsnXT3KF0YWMyW2ix0bl8cWObum1MtSWOFwq7ZYwL9h1DhoeukIBGjMilwUMO2zzPhACWhQ8Kjrj21NNNFCRhj5W+mR6XE9xBXz1wyUM2H8; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=HXWpQEnrsAeidzMEOJREPwAAAAAv77RyjkpxHVFJGAceS89l; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=Dh1ENRilrB6+audgiBrYA+g7nGMAAAAAjWKgXsFh96m8JnGf9NjEsA==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 58) q(0 0 4 1) r(7 7) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=arl+M3TjC29Q6qFQbwViJr03qq/2oo7uAGi5DZNK3tID92S6NJCdpzVFnV7AKKZqfEVPEcYtemMDLKsM/Mu8uiq077Xu7PyOairi3Dl3uFR1Hcxcy3iwq4UHro+EcoxX/4Co+TQxh2NUSq20aPyCCooOse4DEniZ3v8JG9nC2bjf; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=arl+M3TjC29Q6qFQbwViJr03qq/2oo7uAGi5DZNK3tID92S6NJCdpzVFnV7AKKZqfEVPEcYtemMDLKsM/Mu8uiq077Xu7PyOairi3Dl3uFR1Hcxcy3iwq4UHro+EcoxX/4Co+TQxh2NUSq20aPyCCooOse4DEniZ3v8JG9nC2bjf; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=XVO4ZHLen48Ezww8Hpk6UoQ9bF8kdZcim81eq6CWo0zqWqOAmbU6OsVsO4iTJKEf4f/jZPm/CPwoqMcG8VWCfZO3zjskhcIcqDDLzt2C+3MV5YwRMFSzIdkbL+T+; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=XVO4ZHLen48Ezww8Hpk6UoQ9bF8kdZcim81eq6CWo0zqWqOAmbU6OsVsO4iTJKEf4f/jZPm/CPwoqMcG8VWCfZO3zjskhcIcqDDLzt2C+3MV5YwRMFSzIdkbL+T+; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=ZTrFSNOuMhtz1occOJREPwAAAADbzV+bPzWxvYXnpJNUM5Jn; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=EcZtViC17Qe+audgiBrYA+g7nGMAAAAAXSU0eHXzO5yJBbBkIvqSvQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 60) q(0 0 4 1) r(9 9) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
107.154.199.39200 OK 4.3 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash 3416d1e30f078febf83bad93f15f7ba6
2997b26ac512fd945f5c1ef64e3bcf178ee47f6b
900774ab9d108ddeee13c38f67680d8b855588ab4b3c37949fa79f4b15c4e3a9
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: image/jpeg
content-length: 4284
set-cookie: AWSALBTG=FAim81jllNSvgc+HI4lNa83Mcil6yl8MqwOmvBaeSOGrE+DlPnwq3NOiNp08EsABBMiyUrYVcNx1vERW6bDwWiwgMixzXZJ38FZw4pVdH+snIF+DuLymP+uy0CNGvBOrN1i+Ga0CEbKjDeXmohf/OYDCGM5mfHEXVhX9id6GhsEV; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=FAim81jllNSvgc+HI4lNa83Mcil6yl8MqwOmvBaeSOGrE+DlPnwq3NOiNp08EsABBMiyUrYVcNx1vERW6bDwWiwgMixzXZJ38FZw4pVdH+snIF+DuLymP+uy0CNGvBOrN1i+Ga0CEbKjDeXmohf/OYDCGM5mfHEXVhX9id6GhsEV; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=hA/rQDSEdAXLjtQz4+ghDiau4Ut1lfjuu7I2dOtwgOD5Y5aIGDr/PXpFttKioTanG7Ya5HCIhS2dX+3C7OPfGsBQCtbkIYztmt3233thFY1CWAwP9s6vqNkoutxW; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=hA/rQDSEdAXLjtQz4+ghDiau4Ut1lfjuu7I2dOtwgOD5Y5aIGDr/PXpFttKioTanG7Ya5HCIhS2dX+3C7OPfGsBQCtbkIYztmt3233thFY1CWAwP9s6vqNkoutxW; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=SL/UAljqMjLCBexKOJREPwAAAACEY3lRbQvlcLvUkRpLlIqa; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=YxDPAaGaaz++audgiBrYA+g7nGMAAAAAzP0a3Ohbneju9tEszXvhlg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 56) q(0 0 4 0) r(9 9) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
107.154.199.39200 OK 3.8 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
IP 107.154.199.39:0
File type PNG image data, 210 x 32, 8-bit colormap, non-interlaced\012- data
Hash a8656a61ac922e6b5e297627ae7b078a
fd0a07d76165669d22d9b8c1e930da9fb51aef22
465c8b941a45a964b3c73162a3357083c03e807f2eb45a6e0cc03658f686ece6
GET /sso/gsol/pex/en/balat/images/GSLOGO.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: image/png
content-length: 3788
set-cookie: AWSALBTG=dwpOm+Nh/Zs0pV9xOf4u/hY121NP3aKg0Mc9LDAtAGxN0FQ64P0nrO7wI2MT4O/XLPt2+5QGQd8O8hlTmHMI1ohfWH0937lGFg1RwMNsEkBIjXceZJ/drPbw9wA1zURvqH6nwmlttvUXM2ri80KZFVfoTQJP++d/coCCI89SzTyS; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=dwpOm+Nh/Zs0pV9xOf4u/hY121NP3aKg0Mc9LDAtAGxN0FQ64P0nrO7wI2MT4O/XLPt2+5QGQd8O8hlTmHMI1ohfWH0937lGFg1RwMNsEkBIjXceZJ/drPbw9wA1zURvqH6nwmlttvUXM2ri80KZFVfoTQJP++d/coCCI89SzTyS; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=ZKvdqlNTyBAPMVrw8uMTfBzuicfDlUuLduuKm4LDY4xBZzP4otuPurPhxVPqeU37riTxP2uKcPEYVnEg+ZG22UHgmuk2mGZrmmxq0tROje41Va70te10vbBO1CeN; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=ZKvdqlNTyBAPMVrw8uMTfBzuicfDlUuLduuKm4LDY4xBZzP4otuPurPhxVPqeU37riTxP2uKcPEYVnEg+ZG22UHgmuk2mGZrmmxq0tROje41Va70te10vbBO1CeN; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=+DGLQuPGQFcMpfJmOJREPwAAAAAtrg+uvicDG2SnIWpq4TQo; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=GFeMSdYz9mC+audgiBrYA+g7nGMAAAAAMtGdBXfu+y8z5Q7xbmjXUg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 54) q(0 0 4 1) r(11 11) U2
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.72302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 08dc1097c83d6f931819890010215132
651f4c8dec266bc1149c5009aeaff8b850c95cfa
45e607d3d26d0460dc67aded9e4bab3da0e230ad8656bc7cde02db523965d5f0
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Dec 2022 09:35:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
analytics.analytics-egain.com/onetag/EG48975170
34.249.19.88400 94 B URL HTTP/1.1 analytics.analytics-egain.com/onetag/EG48975170
IP 34.249.19.88:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7c2244849ceda3c6e2bb50114f6058fb
d256ae299f5db884f47827d10825f70724506fa3
d1e261174189998690fd10b216468c539fddb4c0beee035d76e29fac38a378a7
GET /onetag/EG48975170 HTTP/1.1
Host: analytics.analytics-egain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 400
Date: Fri, 16 Dec 2022 09:35:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server:
Cache-Control: no-cache
login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
107.154.199.39200 OK 6.1 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
IP 107.154.199.39:0
Hash c88a2876f72e5b9a0d66536447d1d5d2
6a357800f01db60bc9e38e08b80f1ded2d92f9cd
9267c8d25d914142fc6620b6e014585007697d82b2fcc882958c5c61a6101d0b
GET /sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=3KAG5o9oPTouKiX3SxNrGJ2f7UWWLPmvt3MQsyVsc3H7pbNYXrH2Tp3ulAzOhFmQj/Li+Pj81NMPQfF1t6fouoOnH6ipCTrev4OVXyt6KFEj5jhWRxPelpfOPTI371+jsOyxti0BxUEjMAoFP7aOakZUOpVDOiolh5U0mS3uRCDb; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=3KAG5o9oPTouKiX3SxNrGJ2f7UWWLPmvt3MQsyVsc3H7pbNYXrH2Tp3ulAzOhFmQj/Li+Pj81NMPQfF1t6fouoOnH6ipCTrev4OVXyt6KFEj5jhWRxPelpfOPTI371+jsOyxti0BxUEjMAoFP7aOakZUOpVDOiolh5U0mS3uRCDb; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=isJ8xkJZYYFZZZt3nlPC+VZDlX7D6nElgk9wSMhSY6CN8v3YfFsLk3PS7Nh/ews9cHQrJ+6MAD1D9HYgWKt2E1zSEM1+cvgKDsXesZbkjtfCDDRftBn9bC3mrioH; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=isJ8xkJZYYFZZZt3nlPC+VZDlX7D6nElgk9wSMhSY6CN8v3YfFsLk3PS7Nh/ews9cHQrJ+6MAD1D9HYgWKt2E1zSEM1+cvgKDsXesZbkjtfCDDRftBn9bC3mrioH; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=Yn9KTfaL4UcE3EZBOJREPwAAAAAH0r6taxiVYXq74/58KmWm; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=ekGeHYsUjAG+audgiBrYA+g7nGMAAAAAYlsYNnhl1W88Yj0ehn3WNw==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 66) q(0 0 4 0) r(9 9) U2
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2869
Expires: Fri, 16 Dec 2022 10:23:26 GMT
Date: Fri, 16 Dec 2022 09:35:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2869
Expires: Fri, 16 Dec 2022 10:23:26 GMT
Date: Fri, 16 Dec 2022 09:35:37 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.72200 OK 97 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.72:0
File type Unicode text, UTF-8 text, with very long lines (53281)
Hash 6b365f7f7af26d1b8d3641717ed9346a
983919a1a72bc34f5833a7c81cfc14e7bfe31d01
47821869f642f8842fd89c3aec1846a65f42cf625d3352a767a088369f04a5f6
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://czjilce-aqg-6.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Dec 2022 09:35:37 GMT
expires: Fri, 16 Dec 2022 09:35:37 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Dec 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 96816
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2869
Expires: Fri, 16 Dec 2022 10:23:26 GMT
Date: Fri, 16 Dec 2022 09:35:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2869
Expires: Fri, 16 Dec 2022 10:23:26 GMT
Date: Fri, 16 Dec 2022 09:35:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2869
Expires: Fri, 16 Dec 2022 10:23:26 GMT
Date: Fri, 16 Dec 2022 09:35:37 GMT
Connection: keep-alive
login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
107.154.199.39200 OK 18 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
IP 107.154.199.39:0
Hash ceb1ebc674e3efa6c26197f0496bbf47
97eb9b4dcffd3a5e959fce12e718edb44d0fd68e
6a76701049e0ff6f58fa5e744c8467fb10120e8d71cced972934f92417482cde
GET /sso/gsol/pex/en/common/includes/ssoscripts.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=Msp+5/PlvoCErT1akfv1vwlQdIPpjUU1JaMObA3X1Z6Zd3R6EefBSQPMicIb+pKEfo8L2lS7IxAksmcziLu7kFUJDTk17oTSNCANnXJPGbykM4nfAG3FgurqTXvgtquO3hZpgODAIqY1MfPZzaFxGtUJRp/P78CKOnrMbMSBI5Ky; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=Msp+5/PlvoCErT1akfv1vwlQdIPpjUU1JaMObA3X1Z6Zd3R6EefBSQPMicIb+pKEfo8L2lS7IxAksmcziLu7kFUJDTk17oTSNCANnXJPGbykM4nfAG3FgurqTXvgtquO3hZpgODAIqY1MfPZzaFxGtUJRp/P78CKOnrMbMSBI5Ky; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=xnb5ztmzIaBB1I/0ezvaoqWT38ji7w6mB1WopMYfe0/a6g3433U7dwEY2wmO9mLXAJTm/2aCi2tdmg5a8OSE/rBHIuweBjJpGMyofMIUEy9p2BovSWRrN7Mpn9l0; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=xnb5ztmzIaBB1I/0ezvaoqWT38ji7w6mB1WopMYfe0/a6g3433U7dwEY2wmO9mLXAJTm/2aCi2tdmg5a8OSE/rBHIuweBjJpGMyofMIUEy9p2BovSWRrN7Mpn9l0; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=VslhMKlQ4z08g2fMOJREPwAAAAB9NivCeiao6FQ1UvcJSZfg; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=fQZ9B7cRR0G+audgiBrYA+g7nGMAAAAAozgA2ka9T7IeOKd7+rTaVg==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 62) q(0 0 4 1) r(9 9) U2
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F594ddff5-b6a8-482c-b398-8128795c1093.png
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F594ddff5-b6a8-482c-b398-8128795c1093.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9e01db8bba3d4f5268e889cc8aafc908
cc721dab70f480d46e10f3058c35e6a7375d1bbd
918939aa1059ec75d3ac8abd167921119070aeee7a2ab4b2bd5ef03a08a1fd74
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F594ddff5-b6a8-482c-b398-8128795c1093.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7561
x-amzn-requestid: 3b9cee27-3b97-4218-98ba-6eaab5487256
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dH9xEEOAIAMFsKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6399766d-2febf3c410c492385376fcde;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 07:08:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8mPHLOkqXI-NDeasc9GL2ZJj-df4lc2KAWwZEeKQe2XOazxbDelsng==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:11:39 GMT
age: 44638
etag: "cc721dab70f480d46e10f3058c35e6a7375d1bbd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
107.154.199.39200 OK 43 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
IP 107.154.199.39:0
Hash 4c905fd0e32e3f79b25a4714b5196333
82fef34ed734e0600cb4b303d787dac8dee2437b
213f550222b2305b61aa5bcbcc33d3111f91d08359c3a1de7b699fa27ddbcf4d
GET /sso/gsol/pex/en/balat/includes/jqueryandplugins.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=JT82Es7xgB8eTUT0lW61IjHqhAId1O4odQGb7sNgszkg0cD/RYk7jAIawDIxXN7EPl5uxGJQtbcyYzc9A0XGfIiZHu5A/1D4R6W7l5PEofEhnsFkofwbHz9tKPwAg0fupjDauZcUpCympklf91dKYNbq6ufVzXWrDwf7B015UJMj; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=JT82Es7xgB8eTUT0lW61IjHqhAId1O4odQGb7sNgszkg0cD/RYk7jAIawDIxXN7EPl5uxGJQtbcyYzc9A0XGfIiZHu5A/1D4R6W7l5PEofEhnsFkofwbHz9tKPwAg0fupjDauZcUpCympklf91dKYNbq6ufVzXWrDwf7B015UJMj; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=VJnQtTCgVe6fVkZBYG/rUe4IkjFLXnsHi96fCPcw/MhjOkB2/uGBKc0wKnKypKl0R1L8cXNxJBapMFR652vfKhZIdG6LDI9qUmhzPC3q38fYEm077tFSC7CyzPws; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=VJnQtTCgVe6fVkZBYG/rUe4IkjFLXnsHi96fCPcw/MhjOkB2/uGBKc0wKnKypKl0R1L8cXNxJBapMFR652vfKhZIdG6LDI9qUmhzPC3q38fYEm077tFSC7CyzPws; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=z55+HGiFSBuU96AoOJREPwAAAACB+yxQTkii+IyLpvUtQV8/; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=yCbLYLSMfhy+audgiBrYA+k7nGMAAAAAvMJyAzenDAntezSyqO/iZQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 nNNN RT(1671183335658 51) q(0 0 4 1) r(13 13) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
107.154.199.39200 OK 12 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
IP 107.154.199.39:0
Hash d66e3c96cfdc5ebc371e28afe6e507b8
ede6a4b740353fcfe914b5d83702cba378a04104
7fd260fbbd6e89d0c27a2a159566808909842122b04e03fadaafb92fe4527d73
GET /sso/gsol/pex/en/balat/includes/SSO.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=uJkuudnidfB7zuJymCzqmSUjSZmKTfofWiiEyuPIGaDDhhUZzIqVe5RC6YJk3mDTSNyagS99d9COOaI0P40K25EHMbm03VPDgKORRHqdrrrVwHg00uCcRZ5qTWD6KND7HVurS5rrq2kWiJXzgq0J+kFT1d1TotQtgCEdbriTYLy/; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=uJkuudnidfB7zuJymCzqmSUjSZmKTfofWiiEyuPIGaDDhhUZzIqVe5RC6YJk3mDTSNyagS99d9COOaI0P40K25EHMbm03VPDgKORRHqdrrrVwHg00uCcRZ5qTWD6KND7HVurS5rrq2kWiJXzgq0J+kFT1d1TotQtgCEdbriTYLy/; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=lvyi+CPOA9/KRla+Gjvr8hhNUHzeXuYQ5YCkTUCh8KYaEORtakW49UHYHNtgCDc/GJJu2K7TxAoEV45Tv6gYKdb5tJne/tjRqZExS2pl6bo4c8l2C1IN/nQ2+0tl; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=lvyi+CPOA9/KRla+Gjvr8hhNUHzeXuYQ5YCkTUCh8KYaEORtakW49UHYHNtgCDc/GJJu2K7TxAoEV45Tv6gYKdb5tJne/tjRqZExS2pl6bo4c8l2C1IN/nQ2+0tl; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=hIEYWFLtAURoZOZFOJREPwAAAACvfmga7jaRLZZclqzCS4gp; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=zrWADhmjDEO+audgiBrYA+g7nGMAAAAAeGhWnyx/WVAUDY5RIf5LzA==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 51) q(0 0 4 2) r(9 9) U2
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f6337-b00d-4487-82ce-cbed5b4f3f4f.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f6337-b00d-4487-82ce-cbed5b4f3f4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d2294cdacdc84b8b19874ba56035a6d
53009a81b15e464d5529d36b1e04b841b2ae034e
67d59aa026b43ed3f698f3853b986fc7c07e4e6e5f7b3551e59238f79978480a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f6337-b00d-4487-82ce-cbed5b4f3f4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7616
x-amzn-requestid: 71bbe208-11e3-4280-bf09-bff8bd18fcb4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c82fXGmPoAMF3Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63950462-12393ca432808b7f0b2771dc;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:12:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G1MopDnv-WOAbIBMe0v-V9xXeJIVDReKWSMG33dQt1q5GpK41RU0PQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Dec 2022 07:15:01 GMT
age: 8436
etag: "53009a81b15e464d5529d36b1e04b841b2ae034e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash d8ee7b5ed9f1ce2717492af01f420e1f
1e1cfe7134e0d88f1398c5e8b54c2632a7d3459b
1b0f0eff510a5eee48139d1f2a02a4f98109541998da638034bc04b05ef72d32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG
107.154.199.39200 OK 1.6 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG
IP 107.154.199.39:0
File type PNG image data, 146 x 63, 8-bit colormap, non-interlaced\012- data
Hash db7ada75691e9de834f24b8e1ca09a9d
e7dacc636b096ab8e4ed8380475b97b39b356ebb
d0f108ac5521a079f476c836ca9612310bd8da9e75ba91ff412653453939ae51
GET /sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
Cookie: AWSALBTGCORS=JT82Es7xgB8eTUT0lW61IjHqhAId1O4odQGb7sNgszkg0cD/RYk7jAIawDIxXN7EPl5uxGJQtbcyYzc9A0XGfIiZHu5A/1D4R6W7l5PEofEhnsFkofwbHz9tKPwAg0fupjDauZcUpCympklf91dKYNbq6ufVzXWrDwf7B015UJMj; AWSALBCORS=VJnQtTCgVe6fVkZBYG/rUe4IkjFLXnsHi96fCPcw/MhjOkB2/uGBKc0wKnKypKl0R1L8cXNxJBapMFR652vfKhZIdG6LDI9qUmhzPC3q38fYEm077tFSC7CyzPws
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:37 GMT
content-type: image/png
content-length: 1634
set-cookie: AWSALBTG=CSsu1iqLPCbNks6DmPle8iXTdgRDvrFuriaHU6hRN342kSRwy608/9DPiwQ4kQq338MvNUJouQeUL10yhkd48qRWmokqifWdrLjgavbjtLjz3sMLKStXZwXw9bJrQaz2hvuomiYjs5ZMQWbIADBge7Hu3lKqVAzz75yu1imzBCcs; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/
AWSALBTGCORS=CSsu1iqLPCbNks6DmPle8iXTdgRDvrFuriaHU6hRN342kSRwy608/9DPiwQ4kQq338MvNUJouQeUL10yhkd48qRWmokqifWdrLjgavbjtLjz3sMLKStXZwXw9bJrQaz2hvuomiYjs5ZMQWbIADBge7Hu3lKqVAzz75yu1imzBCcs; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/; SameSite=None; Secure
AWSALB=kn3+hMW/gvsdCtKIvDARUUJjGkjrzuKwwYT4t0n3H/Yh+rigiKKIR/8vJjH7VNibBKq+JduLxiMWJz/LtDOCQprW0XqfiHmufQoId1II6dy6nSm0mJT1lWcLr73A; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/
AWSALBCORS=kn3+hMW/gvsdCtKIvDARUUJjGkjrzuKwwYT4t0n3H/Yh+rigiKKIR/8vJjH7VNibBKq+JduLxiMWJz/LtDOCQprW0XqfiHmufQoId1II6dy6nSm0mJT1lWcLr73A; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=wDQzXs3s5WdEHKCQOJREPwAAAADNYjrfx6AtlfLh6l3K3cnr; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=5xoKL5UrI3y+audgiBrYA+k7nGMAAAAAbm0FkUrT/BfM3Z++IfWNdw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 1510) q(0 0 0 0) r(4 4) U2
X-Firefox-Spdy: h2
s.webtrends.com/js/webtrends.hm.js
143.204.55.43200 OK 7.4 kB URL HTTP/1.1 s.webtrends.com/js/webtrends.hm.js
IP 143.204.55.43:0
File type HTML document, ASCII text, with CRLF line terminators
Hash b2ea8b95abb8ab706e7a0cfa9685cd10
8b75b0f6fff26a3a651d9346db02fefe45a67379
fe11671e8ca6d3b5659e5dae0924ecae80c99c0dd72478710eed0886e687f69d
GET /js/webtrends.hm.js HTTP/1.1
Host: s.webtrends.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7382
Connection: keep-alive
Last-Modified: Tue, 25 Feb 2020 23:34:02 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 11 Dec 2022 16:20:52 GMT
ETag: "b2ea8b95abb8ab706e7a0cfa9685cd10"
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: k_1r1NP5UnxnzQYHr8Oy-ivZEMN0IfO4d3yfaqO6EWvHytGGeJ-LSQ==
Age: 407707
www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4febe4716d93c01917cc718ed52f0d1c
9437b5b65a71ae87dc652a40a0e030a6464991e4
3ff71e43c20bb1c8d9018a800fe877e8e4e46be21f0a051b402297f370eca77a
GET /gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Dec 2022 09:35:38 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 136bd46a9be0a4b93904f1f09f0d3b8e
e6ed009f017b9f9f8df0446bc28374ff5c776271
e1f368a7537bb71b76ce9ee9b25a96f16e204a48f4e9f9bdf5e7c8dbe76aef98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash 8014ea74946aee77ef2f3b9a264be553
fda85fc27ac2f811e543c11436cf5623cbd46bb2
271b1db0f8cff912a931b78cedb32fd59adeb60025dbcbd7cc5add7d03c82f7c
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 15 Dec 2022 15:54:34 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: D8DJk33_DvUkdXC9CXQN2ZpuRsNEUWi1v6w6tQ8cGFwQFBbJRKz-iQ==
Age: 63665
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 136bd46a9be0a4b93904f1f09f0d3b8e
e6ed009f017b9f9f8df0446bc28374ff5c776271
e1f368a7537bb71b76ce9ee9b25a96f16e204a48f4e9f9bdf5e7c8dbe76aef98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
czjilce-aqg-6.tk/sso/GeneralManager?action=captchaApi&language=en
162.241.87.224404 Not Found 315 B URL HTTP/1.1 czjilce-aqg-6.tk/sso/GeneralManager?action=captchaApi&language=en
IP 162.241.87.224:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert quad9 Sinkholed
POST /sso/GeneralManager?action=captchaApi&language=en HTTP/1.1
Host: czjilce-aqg-6.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 21
Origin: http://czjilce-aqg-6.tk
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/nene/login.globalsources.com/error.php?email=
HTTP/1.1 404 Not Found
Date: Fri, 16 Dec 2022 09:35:37 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=1610416614713;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.38200 OK 261 B URL HTTP/2 10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=1610416614713;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (503), with no line terminators
Hash a8f8bd8e5735b1140bee5850068fe30c
ab752035f63ab7569b287dc577516f837a611fb3
53e1739599415df5ef27da20c094a0b3108180fb68cf8f7f8a8c4a796b16afb5
GET /activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=1610416614713;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 10716254.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 261
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Dec-2022 09:50:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.38200 OK 281 B URL HTTP/2 12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499), with no line terminators
Hash 06aa2a80ef14537ad8b799568a633b31
9cf48bd0c6f3aa1054237a235455622c0558cb63
f9e01ee97f476a59e8934c150c05865ea4c45546b9ea8d82a5619a95eaf4e477
GET /activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 12419770.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 281
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Dec-2022 09:50:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.58.207.206200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Fri, 16 Dec 2022 08:23:16 GMT
Expires: Fri, 16 Dec 2022 10:23:16 GMT
Cache-Control: public, max-age=7200
Age: 4342
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
login.globalsources.com/sso/gsol/pex/en/balat/includes/webtrends.min.js
107.154.199.39200 OK 13 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/webtrends.min.js
IP 107.154.199.39:0
File type ASCII text, with very long lines (13063)
Hash c61cbdf47dae3b828b0448c14210c903
0d402b576762134075e53be47a2d88ee4fbfefaa
26ab948f59f4431c7a7026c05c7e1ca5fa219efb026228c040f111ee8d212edb
GET /sso/gsol/pex/en/balat/includes/webtrends.min.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Cookie: AWSALBTGCORS=JT82Es7xgB8eTUT0lW61IjHqhAId1O4odQGb7sNgszkg0cD/RYk7jAIawDIxXN7EPl5uxGJQtbcyYzc9A0XGfIiZHu5A/1D4R6W7l5PEofEhnsFkofwbHz9tKPwAg0fupjDauZcUpCympklf91dKYNbq6ufVzXWrDwf7B015UJMj; AWSALBCORS=VJnQtTCgVe6fVkZBYG/rUe4IkjFLXnsHi96fCPcw/MhjOkB2/uGBKc0wKnKypKl0R1L8cXNxJBapMFR652vfKhZIdG6LDI9qUmhzPC3q38fYEm077tFSC7CyzPws
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:37 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=pfnKXTF0sCPDFciV51OOZTd7Ihu2L4KgYuhyb7sXBABUdw1SAWqlWkmpK1EnCy2a4QO4AKt9eFpLIGOEtkmR724GMz9D+bPuw9AXSR1q+58zLYFuhoScMN8HSWRSObfbthlR8YeVikluD9DqYInPZGeGyMdq6GddWq5Z+KxRSixT; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/
AWSALBTGCORS=pfnKXTF0sCPDFciV51OOZTd7Ihu2L4KgYuhyb7sXBABUdw1SAWqlWkmpK1EnCy2a4QO4AKt9eFpLIGOEtkmR724GMz9D+bPuw9AXSR1q+58zLYFuhoScMN8HSWRSObfbthlR8YeVikluD9DqYInPZGeGyMdq6GddWq5Z+KxRSixT; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/; SameSite=None; Secure
AWSALB=nKKjYKYg3QQkU+qWLGxCvCCFrQmbf198q8nUu/Ix9+1JGjCj97vpU9UvJsZgO9Lu5uxu4M1KVccepdu+dkOsLnXn6LHhQW62WsayfsoXU5qtzhbubAUelrwy31Vm; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/
AWSALBCORS=nKKjYKYg3QQkU+qWLGxCvCCFrQmbf198q8nUu/Ix9+1JGjCj97vpU9UvJsZgO9Lu5uxu4M1KVccepdu+dkOsLnXn6LHhQW62WsayfsoXU5qtzhbubAUelrwy31Vm; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=iVJ+cjZ27A5p9HJVOJREPwAAAAC/YScoWqpXT2yYW9K/wHY3; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=mDlFP3SHAwG+audgiBrYA+k7nGMAAAAAfB+2KiGxupUK3FcxkXsuZg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 1496) q(0 0 0 0) r(2 2) U2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 136bd46a9be0a4b93904f1f09f0d3b8e
e6ed009f017b9f9f8df0446bc28374ff5c776271
e1f368a7537bb71b76ce9ee9b25a96f16e204a48f4e9f9bdf5e7c8dbe76aef98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.156.98.77301 Moved Permanently 244 B URL HTTP/1.1 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.156.98.77:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8fc9865f26fa25a6392c2f6060ae5df3
848c84d5259d274403799d8f07dce9a524662a0f
6fcb4b79975d55a072ba52bfd817cfba24b1a9f4777c706fb0706fd385601caa
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
Date: Fri, 16 Dec 2022 09:35:38 GMT
Connection: close
Content-Length: 244
bat.bing.com/bat.js
204.79.197.200200 OK 12 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39124), with no line terminators
Hash d925a898de26295fdebfc90203ef46fa
77dd3f5893b76530e08058d50e8f9aef017e80c7
8f4a413fec7e48f5ac290f4596fef33b6396e7fb31080ec0203a5ec817d140c8
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11460
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
set-cookie: MUID=32E96336E9D3699B01D5714AE82668F3; domain=.bing.com; expires=Wed, 10-Jan-2024 09:35:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CF150F35380B46DE875B7796728A7893 Ref B: OSL30EDGE0213 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:37 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 76342e17f518d383455bb527dcd69aaf
7deb5f63197259b85d651f28cccf6ed7b876cc47
a8d3ef749bee471bf92905f15fabc171be88cc03cb97e9f7566e70efcd82864d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 265916d2a0593eb24feac5fbc15140ed
ab86ab5c1da114c82fabd9752f98fbf65502648d
40da94ba8f4698a6671d41eebb2fb54b1d7ed31b3a7583892f11ee7cea975c5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2271
Cache-Control: max-age=103147
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Etag: "639b22f6-1d7"
Expires: Sat, 17 Dec 2022 14:14:45 GMT
Last-Modified: Thu, 15 Dec 2022 13:36:54 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
107.154.199.39200 OK 1.2 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
IP 107.154.199.39:0
Hash ebf32b48b1adfc98d0b0d10ee6c630c3
0952ae6f23d92ca15b79d8b3549259079f8f035c
9b75c1e73f974cb156ae8832653ae3b5e2f639f53989675d32b27c3166f2eb76
GET /sso/gsol/pex/en/common/includes/egain_docked_chat.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=AwjlKdFsUwY4/UObzr4nei+LaLggc1OAwOLNl6mxWW9hqx7cCgZ5iUn2MGLyDJx9sQv/Iz5r8AAQLWA3nAeodWbjZUqdfj0hL2LgKc15FQgyTY7blLiN+VMcdEgInT1bj2QCgLxsIz9c4ZrC9BjdI7goX++4mPRSDvMxdihHBVfu; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=AwjlKdFsUwY4/UObzr4nei+LaLggc1OAwOLNl6mxWW9hqx7cCgZ5iUn2MGLyDJx9sQv/Iz5r8AAQLWA3nAeodWbjZUqdfj0hL2LgKc15FQgyTY7blLiN+VMcdEgInT1bj2QCgLxsIz9c4ZrC9BjdI7goX++4mPRSDvMxdihHBVfu; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=dmFBPzNLnKHaeNTPgiXpUuqHOVZKTKSJjPSqTzvTqgXVjmQeqNOC9LVXhal8kysU2WdUKt2huHWC+x/+qat1UDxvXvEzw2tE+n6+myruRvJAPZNlQnIIcUjH62Dt; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=dmFBPzNLnKHaeNTPgiXpUuqHOVZKTKSJjPSqTzvTqgXVjmQeqNOC9LVXhal8kysU2WdUKt2huHWC+x/+qat1UDxvXvEzw2tE+n6+myruRvJAPZNlQnIIcUjH62Dt; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=ELNZENhogkEJVevHOJREPwAAAABW/+tPAgcx+EIwdhC9cSoq; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=6t5NaOm6NyW+audgiBrYA+g7nGMAAAAAdTA7ZlwZaio7pVP2lv/HYg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:09 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 64) q(0 0 4 0) r(7 7) U2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 76342e17f518d383455bb527dcd69aaf
7deb5f63197259b85d651f28cccf6ed7b876cc47
a8d3ef749bee471bf92905f15fabc171be88cc03cb97e9f7566e70efcd82864d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1671183335086&cv=11&fst=1671183335086&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=265985366.1671183335&rfmt=3&fmt=4
142.250.74.66200 OK 894 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1671183335086&cv=11&fst=1671183335086&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=265985366.1671183335&rfmt=3&fmt=4
IP 142.250.74.66:0
File type ASCII text, with very long lines (1877), with no line terminators
Hash 61c595262c4874f4b93200b9ceae55b2
ef017053e4f4c4009a235b439a632ab86c217080
d0f05ad58d889cdd3717ce6190a2a611b4a6ffaa890c158d3843ffc53aa1c1fb
GET /pagead/viewthroughconversion/1072021429/?random=1671183335086&cv=11&fst=1671183335086&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=265985366.1671183335&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 894
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Dec-2022 09:50:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 8b26cd4609e2025e51e90573a0fbd6f7
efc2006ae5297ad5ae5e064188b9fba73f6b868f
e288b6a1e220f5fb781cfbb0b739b36c6acfdceccff8f0278fc151c241b0b50b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Y5iucnFGq4/sMeLwxNE7EOGOP18vXRlgbQf6pODX3RuJNaZCqPhNz+OPHhX8bf5rPanZDcZQryQksmUrzEnfNA==
content-length: 27298
x-fb-trip-id: 1904183273
date: Fri, 16 Dec 2022 09:35:38 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash d8728b37979eb7ff6c3ad5a96091d4ce
988859950d480caa2fe23e14d5f29df17827dc6d
a33db1e064a2e10cb01ecc3184b4f65f134f93a10647c67602bfcea6d0c56740
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/collect?v=1&_v=j98&a=396530945&t=pageview&_s=1&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=1868485531&gjid=843585878&cid=1614153316.1671183335&tid=UA-179370-18&_gid=162717466.1671183335&cg1=LOGIN_FORM_ERR&z=1174198109
216.58.207.206200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j98&a=396530945&t=pageview&_s=1&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=1868485531&gjid=843585878&cid=1614153316.1671183335&tid=UA-179370-18&_gid=162717466.1671183335&cg1=LOGIN_FORM_ERR&z=1174198109
IP 216.58.207.206:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=396530945&t=pageview&_s=1&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=1868485531&gjid=843585878&cid=1614153316.1671183335&tid=UA-179370-18&_gid=162717466.1671183335&cg1=LOGIN_FORM_ERR&z=1174198109 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Fri, 16 Dec 2022 08:36:31 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 3547
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
czjilce-aqg-6.tk/favicon.ico
162.241.87.224404 Not Found 315 B URL HTTP/1.1 czjilce-aqg-6.tk/favicon.ico
IP 162.241.87.224:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: czjilce-aqg-6.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/nene/login.globalsources.com/error.php?email=
Cookie: _gcl_au=1.1.265985366.1671183335
HTTP/1.1 404 Not Found
Date: Fri, 16 Dec 2022 09:35:37 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&ct_cookie_present=1
142.250.74.66200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&ct_cookie_present=1
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Dec-2022 09:50:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 371baf8f9095ee3dd632a9ca15da8c7c
6300df62d8650fb94442fdbaa9b12acd4abcddfd
961dba83ddd0cf1c1c7028687f4b5ffb98dc8609045a8f73ea59e49ebfbe5a1d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 371baf8f9095ee3dd632a9ca15da8c7c
6300df62d8650fb94442fdbaa9b12acd4abcddfd
961dba83ddd0cf1c1c7028687f4b5ffb98dc8609045a8f73ea59e49ebfbe5a1d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
142.250.74.132302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 142.250.74.132:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 265916d2a0593eb24feac5fbc15140ed
ab86ab5c1da114c82fabd9752f98fbf65502648d
40da94ba8f4698a6671d41eebb2fb54b1d7ed31b3a7583892f11ee7cea975c5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2271
Cache-Control: max-age=103147
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Etag: "639b22f6-1d7"
Expires: Sat, 17 Dec 2022 14:14:45 GMT
Last-Modified: Thu, 15 Dec 2022 13:36:54 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
login.globalsources.com/rdvoqldvqhjbezvv825122.js
107.154.199.39404 Not Found 6.6 kB URL HTTP/2 login.globalsources.com/rdvoqldvqhjbezvv825122.js
IP 107.154.199.39:0
Hash 4b9923385b10905e32fb766a4f1585b2
45fdd0680325057faea4a876ebc30390c1d04408
8a7737809de2336f018b7ece9747b4416735f82635c1073ab4aa41fa7e167b6c
GET /rdvoqldvqhjbezvv825122.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 16 Dec 2022 09:35:37 GMT
content-type: text/html
set-cookie: AWSALBTG=/naIU0X1NAA2rDg+RWV6zzlBj2juqpEEB5RhxZkb/Dq/LwStdhFXIIZSFlILK8R/n5ewh4wTFTah53nlUFefi98xSO+MckWvHE315IGfPffV+9xutNxQWW459XVZ51/K1VMfEa6P/Pn4Fl7doAL5VDpgCJb7FB4+TAF3TeI6lbbd; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/
AWSALBTGCORS=/naIU0X1NAA2rDg+RWV6zzlBj2juqpEEB5RhxZkb/Dq/LwStdhFXIIZSFlILK8R/n5ewh4wTFTah53nlUFefi98xSO+MckWvHE315IGfPffV+9xutNxQWW459XVZ51/K1VMfEa6P/Pn4Fl7doAL5VDpgCJb7FB4+TAF3TeI6lbbd; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/; SameSite=None; Secure
AWSALB=a+SBreIlIPd8/v2RFcGZuGB7V+fb5yjkpTIgR9AZcz6xDhw4E3MSUGgqLanRh58bhZYsGFwOpKbHY1ZDh2ZmjH6PUOw0xXVLdmS3o7iXqY3VSNPAtUiKcbgIVjQ+; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/
AWSALBCORS=a+SBreIlIPd8/v2RFcGZuGB7V+fb5yjkpTIgR9AZcz6xDhw4E3MSUGgqLanRh58bhZYsGFwOpKbHY1ZDh2ZmjH6PUOw0xXVLdmS3o7iXqY3VSNPAtUiKcbgIVjQ+; Expires=Fri, 23 Dec 2022 09:35:37 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=Pj52OZfEZE57n6wMOJREPwAAAADskjkt1NEDo7LbBQ3rzEzG; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=dtOXdLK1HlC+audgiBrYA+g7nGMAAAAAEEivoLBg3LMUR50KiRAjlg==; path=/; Domain=.globalsources.com
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892175 2NNN RT(1671183335658 65) q(0 0 0 0) r(9 9) U11
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/1072021429/?random=1671183335086&cv=11&fst=1671181200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=3601573371&rmt_tld=0&ipr=y
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1072021429/?random=1671183335086&cv=11&fst=1671181200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=3601573371&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1671183335086&cv=11&fst=1671181200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=3601573371&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 76342e17f518d383455bb527dcd69aaf
7deb5f63197259b85d651f28cccf6ed7b876cc47
a8d3ef749bee471bf92905f15fabc171be88cc03cb97e9f7566e70efcd82864d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.66200 OK 263 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Hash 898533bfd1058cf79cbd5942644dc3af
401454d14c591bd3ec00b0080b2d0baf1b330d07
3250d8322ddb3353d1caaed03267918e4bbdc86cc759861ec7cc9cf9cc964ce0
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12419770.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 263
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/396613127629341?v=2.9.90&r=stable
31.13.72.12200 OK 86 kB URL HTTP/2 connect.facebook.net/signals/config/396613127629341?v=2.9.90&r=stable
IP 31.13.72.12:0
File type ASCII text, with very long lines (64471)
Hash b3e4c18ae4fbe412cf74af3a913825df
a8874eafb2366e2446a764841a5a3cda4fd87b41
90e942421f3cbd65ff2366eddc75fb6a94ac2a7aec38521c78d36c3f40315fc9
GET /signals/config/396613127629341?v=2.9.90&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: tCd9MvYqvVk8SPh/yf1YOa+HSaoU8NpZZECkXGiSV9TYPHHDTkOcxI86SUMyddeDN6d3+IzADsfp/9vigL+V1Q==
priority: u=3,i
content-length: 86132
x-fb-trip-id: 1904183273
date: Fri, 16 Dec 2022 09:35:38 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=30af9f16-cab5-42ce-be41-844525223a17&sid=fe18a3c07d2411edba152fbffce5b485&vid=fe18c1707d2411eda641bd2898ee8caf&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&r=<=2463&evt=pageLoad&sv=1&rn=451535
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=30af9f16-cab5-42ce-be41-844525223a17&sid=fe18a3c07d2411edba152fbffce5b485&vid=fe18c1707d2411eda641bd2898ee8caf&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&r=<=2463&evt=pageLoad&sv=1&rn=451535
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137022501&tm=gtm002&Ver=2&mid=30af9f16-cab5-42ce-be41-844525223a17&sid=fe18a3c07d2411edba152fbffce5b485&vid=fe18c1707d2411eda641bd2898ee8caf&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&r=<=2463&evt=pageLoad&sv=1&rn=451535 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0AC7E30CC03667ED2B3AF170C1C36640; domain=.bing.com; expires=Wed, 10-Jan-2024 09:35:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 059C6DE5811042398C9956F8CE720A5C Ref B: OSL30EDGE0213 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:37 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 64e4713c6a6c50b04568b649c8c75ee4
f5ab3abfd798fe68af2b608d2dfba492675d0cb1
65305e9bbdb4ff07a4fccb67598d03d9648afd0d984645c85e62fdc1af6f5ba2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 371baf8f9095ee3dd632a9ca15da8c7c
6300df62d8650fb94442fdbaa9b12acd4abcddfd
961dba83ddd0cf1c1c7028687f4b5ffb98dc8609045a8f73ea59e49ebfbe5a1d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash d64508814c024cbebabccd53b33e9542
4bf039892ffb6818f5beadae53aa2a7967423711
a00ea1810c5adb13535919311c154352c515072f4ede4127626ffadc6124a73d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/137022501.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137022501.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137022501.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=372F7A06085C6F6E07A5687A09A96E08; domain=.bing.com; expires=Wed, 10-Jan-2024 09:35:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B62536E1AE04446CBB4BC9F637540356 Ref B: OSL30EDGE0213 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:37 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 371baf8f9095ee3dd632a9ca15da8c7c
6300df62d8650fb94442fdbaa9b12acd4abcddfd
961dba83ddd0cf1c1c7028687f4b5ffb98dc8609045a8f73ea59e49ebfbe5a1d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1614153316.1671183335&jid=1868485531&gjid=843585878&_gid=162717466.1671183335&_u=YCDAgEABAAAAAEAAI~&z=306729312
74.125.205.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1614153316.1671183335&jid=1868485531&gjid=843585878&_gid=162717466.1671183335&_u=YCDAgEABAAAAAEAAI~&z=306729312
IP 74.125.205.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1614153316.1671183335&jid=1868485531&gjid=843585878&_gid=162717466.1671183335&_u=YCDAgEABAAAAAEAAI~&z=306729312 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://czjilce-aqg-6.tk
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://czjilce-aqg-6.tk
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash d64508814c024cbebabccd53b33e9542
4bf039892ffb6818f5beadae53aa2a7967423711
a00ea1810c5adb13535919311c154352c515072f4ede4127626ffadc6124a73d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.156.98.77200 OK 10 B URL HTTP/2 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.156.98.77:0
File type exported SGML document, ASCII text, with CRLF line terminators
Hash 944ece9d6d59cdf6eaa8ae6c6c205b93
877b1b2addfb2494453305fa4b93f3f03ee064c2
d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://czjilce-aqg-6.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
strict-transport-security: max-age=31536000
date: Fri, 16 Dec 2022 09:35:37 GMT
content-length: 10
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/1072021429/?random=1671183335086&cv=11&fst=1671181200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=3601573371&rmt_tld=1&ipr=y
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1072021429/?random=1671183335086&cv=11&fst=1671181200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=3601573371&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1671183335086&cv=11&fst=1671181200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=3601573371&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3267009/domain/czjilce-aqg-6.tk/token
143.204.55.82200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/czjilce-aqg-6.tk/token
IP 143.204.55.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/3267009/domain/czjilce-aqg-6.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://czjilce-aqg-6.tk/
Origin: http://czjilce-aqg-6.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Thu, 15 Dec 2022 22:25:14 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -NlrD-x4Lnr3vSlRAi1AvHf4i7v2J7CsidGqQTAql75_np2Pmysx2A==
age: 40224
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.35200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.35:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1671183335107&cv=11&fst=1671183335107&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=265985366.1671183335&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://czjilce-aqg-6.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=1610416614713;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.2200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=1610416614713;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=1610416614713;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
expires: Fri, 16 Dec 2022 09:35:38 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.2200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=7289538560506;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
expires: Fri, 16 Dec 2022 09:35:38 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1671183335313%26url%3Dhttp%253A%252F%252Fczjilce-aqg-6.tk%252Fnene%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJXzqPQw_RsrgAAAYUaSgu6b6PkeQ8q3C4UiQbfL_R6M5_WcvGnlGZx3C4igKs91SPdj9WQUlgmDA; Max-Age=2592000; Expires=Sun, 15 Jan 2023 09:35:38 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQITL9QhaXbzcwAAAYUaSgu6ghlZMaGeFjQ3VtcDZsme1b-xuhQ6ueFsKiJZy4pHUJrnIQ5-xGUjltzSx5X2rQ; Max-Age=2592000; Expires=Sun, 15 Jan 2023 09:35:38 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&9739f51a-d504-4f84-8ffb-0b3208890840"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 16-Dec-2023 09:35:38 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2460:u=1:x=1:i=1671183338:t=1671269738:v=2:sig=AQHUBCePb0uLsx-uC3Np8UdAfUIxg7ZC"; Expires=Sat, 17 Dec 2022 09:35:38 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXv7rE9e5K6ckFyI1R9dA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: CF33C7C1693741CE9A4D54671FEE8219 Ref B: OSL30EDGE0310 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:38 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 64e4713c6a6c50b04568b649c8c75ee4
f5ab3abfd798fe68af2b608d2dfba492675d0cb1
65305e9bbdb4ff07a4fccb67598d03d9648afd0d984645c85e62fdc1af6f5ba2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash d64508814c024cbebabccd53b33e9542
4bf039892ffb6818f5beadae53aa2a7967423711
a00ea1810c5adb13535919311c154352c515072f4ede4127626ffadc6124a73d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1614153316.1671183335&jid=1868485531&_u=YCDAgEABAAAAAEAAI~&z=1249976392
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1614153316.1671183335&jid=1868485531&_u=YCDAgEABAAAAAEAAI~&z=1249976392
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1614153316.1671183335&jid=1868485531&_u=YCDAgEABAAAAAEAAI~&z=1249976392 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1671183335535&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671183335534.347847276&it=1671183335376&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1671183335535&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671183335534.347847276&it=1671183335376&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1671183335535&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671183335534.347847276&it=1671183335376&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 16 Dec 2022 09:35:38 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1671183335537&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1671183335534.347847276&it=1671183335376&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1671183335537&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1671183335534.347847276&it=1671183335376&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1671183335537&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1671183335534.347847276&it=1671183335376&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 16 Dec 2022 09:35:38 GMT
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Cookie: AWSALBTGCORS=pfnKXTF0sCPDFciV51OOZTd7Ihu2L4KgYuhyb7sXBABUdw1SAWqlWkmpK1EnCy2a4QO4AKt9eFpLIGOEtkmR724GMz9D+bPuw9AXSR1q+58zLYFuhoScMN8HSWRSObfbthlR8YeVikluD9DqYInPZGeGyMdq6GddWq5Z+KxRSixT; AWSALBCORS=nKKjYKYg3QQkU+qWLGxCvCCFrQmbf198q8nUu/Ix9+1JGjCj97vpU9UvJsZgO9Lu5uxu4M1KVccepdu+dkOsLnXn6LHhQW62WsayfsoXU5qtzhbubAUelrwy31Vm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 28 Apr 2022 06:31:57 GMT
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:38 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=8UZ1Qxc4p9SrYTws1bxEOl64M2VhbURBUk3FMeur+05E5wtMtaptaXUavCYi28UU7mx+Rm9p4LFoRr1gkJa3M6a7zw2AKWPLkNuxrt5pNmkKZYWcmHoYOCs/C8f83PCRNzznx1zEXdEmjRSIkgR9Uo4I5oywqaBpdNB2j95tV5Op; Expires=Fri, 23 Dec 2022 09:35:38 GMT; Path=/
AWSALBTGCORS=8UZ1Qxc4p9SrYTws1bxEOl64M2VhbURBUk3FMeur+05E5wtMtaptaXUavCYi28UU7mx+Rm9p4LFoRr1gkJa3M6a7zw2AKWPLkNuxrt5pNmkKZYWcmHoYOCs/C8f83PCRNzznx1zEXdEmjRSIkgR9Uo4I5oywqaBpdNB2j95tV5Op; Expires=Fri, 23 Dec 2022 09:35:38 GMT; Path=/; SameSite=None; Secure
AWSALB=QL2TRLspV1X05XTrqTMFJSpxneKaH0i+8A0VWw1jDRt48WoP36D/QoEYixpB2W93rfhzBr0Z3x6ILpAamGqQbv91MCzcqQBYW+72tGri0EB04WTlG//2MZ0nXx70; Expires=Fri, 23 Dec 2022 09:35:38 GMT; Path=/
AWSALBCORS=QL2TRLspV1X05XTrqTMFJSpxneKaH0i+8A0VWw1jDRt48WoP36D/QoEYixpB2W93rfhzBr0Z3x6ILpAamGqQbv91MCzcqQBYW+72tGri0EB04WTlG//2MZ0nXx70; Expires=Fri, 23 Dec 2022 09:35:38 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=LXZzAXtAKzUjRzbrOJREPwAAAAA6+rCvpOatMU0e3zpocq7r; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=gUeXJuXnNQ++audgiBrYA+o7nGMAAAAABieqn8k1PM3oUkvzVda1WQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892194 2NNN RT(1671183335658 1762) q(0 0 0 0) r(6 6) U2
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3267009/domain/czjilce-aqg-6.tk/token
143.204.55.82200 OK 62 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/czjilce-aqg-6.tk/token
IP 143.204.55.82:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d39abb34da93ec5faa48669ac4788977
cc2627a86b99e91540251b6fb7e17a9b1faa1ee7
b329d16bd7e06de93beac4a9e4d67b8be6d1c944b7b8e398b929460f73b7c4ce
GET /partner/3267009/domain/czjilce-aqg-6.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://czjilce-aqg-6.tk
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Fri, 16 Dec 2022 09:35:38 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Z-KoA6w9KYtAoxkrxXrcEZAvcV2RWEIAcdqZ3wEeUxc5Z3E7GNP0lw==
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1671183335313%26url%3Dhttp%253A%252F%252Fczjilce-aqg-6.tk%252Fnene%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1671183335313%26url%3Dhttp%253A%252F%252Fczjilce-aqg-6.tk%252Fnene%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1671183335313%26url%3Dhttp%253A%252F%252Fczjilce-aqg-6.tk%252Fnene%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://czjilce-aqg-6.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&e34e8bcf-90ff-4e03-8343-8077e4179b3a"; Domain=.linkedin.com; Expires=Sat, 16-Dec-2023 09:35:38 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202212160935380907e2f9-bb47-4b48-8615-4ae5a40fbaf6AQEh8OrboCwU7Z7E1iFo2gZGljbtDnRV"; Domain=.www.linkedin.com; Expires=Sat, 16-Dec-2023 09:35:38 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzExODMzMzg7MjswMjFMLrhluAHKpDrWmli37GVYBF4s6BvCOodeC1J/dO6ejw==; Domain=.linkedin.com; Expires=Wed, 14 Jun 2023 09:35:38 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2438:u=1:x=1:i=1671183338:t=1671269738:v=2:sig=AQFH2aNNuAV6w5Nv1bbrM5XoOYZ7_N4R"; Expires=Sat, 17 Dec 2022 09:35:38 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com *.microsoft.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXv7rFAhHmKVBAdcbG3Tg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8415CB88E73C4FE0B3C337E6940D03B9 Ref B: OSL30EDGE0310 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:38 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1671183335313&url=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://czjilce-aqg-6.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&65382ee9-d84b-42e7-874b-ec69a1ec7fdf"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 16-Dec-2023 09:35:38 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2460:u=1:x=1:i=1671183338:t=1671269738:v=2:sig=AQHUBCePb0uLsx-uC3Np8UdAfUIxg7ZC"; Expires=Sat, 17 Dec 2022 09:35:38 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXv7rFDQ8BJw6eoey6wNQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 960D2B513BEF402AB89F21EF93936458 Ref B: OSL30EDGE0310 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:38 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 857c233c12303c504881fe6be8c763ac
f3c9d38f9d2b00d0d0af42b2c7fd0798facb90b7
dca13a7171433f1934346cdbf171275adccc74d9325afc8c80d19f6e0ec50404
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 09:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=396530945&cid=1614153316.1671183335&ul=en-us&sr=1280x1024&_s=1&sid=1671183335&sct=1&seg=0&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=396530945&cid=1614153316.1671183335&ul=en-us&sr=1280x1024&_s=1&sid=1671183335&sct=1&seg=0&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=396530945&cid=1614153316.1671183335&ul=en-us&sr=1280x1024&_s=1&sid=1671183335&sct=1&seg=0&dl=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://czjilce-aqg-6.tk
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://czjilce-aqg-6.tk
date: Fri, 16 Dec 2022 09:35:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=30af9f16-cab5-42ce-be41-844525223a17&sid=fe18a3c07d2411edba152fbffce5b485&vid=fe18c1707d2411eda641bd2898ee8caf&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=219351
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=30af9f16-cab5-42ce-be41-844525223a17&sid=fe18a3c07d2411edba152fbffce5b485&vid=fe18c1707d2411eda641bd2898ee8caf&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=219351
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137022501&tm=gtm002&Ver=2&mid=30af9f16-cab5-42ce-be41-844525223a17&sid=fe18a3c07d2411edba152fbffce5b485&vid=fe18c1707d2411eda641bd2898ee8caf&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=219351 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=29C653598090629502F2412581656313; domain=.bing.com; expires=Wed, 10-Jan-2024 09:35:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 045AC96EB3444E668490866639E0EAE5 Ref B: OSL30EDGE0213 Ref C: 2022-12-16T09:35:38Z
date: Fri, 16 Dec 2022 09:35:38 GMT
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12419770;type=f_scr0;cat=f_cm_0;ord=3202055518260;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.2200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12419770;type=f_scr0;cat=f_cm_0;ord=3202055518260;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12419770;type=f_scr0;cat=f_cm_0;ord=3202055518260;gtm=2wgbu0;auiddc=265985366.1671183335;~oref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 09:35:38 GMT
expires: Fri, 16 Dec 2022 09:35:38 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
IP 107.154.199.39:0
GET /sso/gsol/pex/en/balat/includes/SSO.CSS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: text/css
set-cookie: AWSALBTG=B/h+ZTpNb0QlzZsrwxiyOUuLkB6IJ1dPgdz5ZxvN4+T7u2ZcNJT6naHyi5a9s4RgXJThBB+RA0B9fzFTF7rtrWO+haiMvtysN//2Bm0rtOVmKyXQ/eOurTqMOrCQ6Y5eKXSS5oH4lDmikZVta+QlF8/nibD/6TsTGCxPXzGp2SKA; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=B/h+ZTpNb0QlzZsrwxiyOUuLkB6IJ1dPgdz5ZxvN4+T7u2ZcNJT6naHyi5a9s4RgXJThBB+RA0B9fzFTF7rtrWO+haiMvtysN//2Bm0rtOVmKyXQ/eOurTqMOrCQ6Y5eKXSS5oH4lDmikZVta+QlF8/nibD/6TsTGCxPXzGp2SKA; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=OLTk999TE9TbsOsmm4mpdk7IV6R4mXRVIpEBYmZKodi1iYOz+XuqLaggSvAQqaVkSHW8vvl08eKBE3smdgiDUk5eM1YLcCzABoTsmV2Si+SXdu7sSe5EHaUobhZn; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=OLTk999TE9TbsOsmm4mpdk7IV6R4mXRVIpEBYmZKodi1iYOz+XuqLaggSvAQqaVkSHW8vvl08eKBE3smdgiDUk5eM1YLcCzABoTsmV2Si+SXdu7sSe5EHaUobhZn; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=G4bqBjRmFB5DNCI4OJREPwAAAABI3LoZEyeP6AVdnFIWRJ54; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=gRvXVEqbSDq+audgiBrYA+g7nGMAAAAASKgJqDmdUeDWmrjrANqNsg==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 62) q(0 0 4 2) r(11 11) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
IP 107.154.199.39:0
GET /sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:36 GMT
content-type: image/jpeg
content-length: 64609
set-cookie: AWSALBTG=XqFJ43W80/9pc+96u4O7aRyxZbGV/hPoK2ZZhVLu7wKGMXMttyeKbnenPC7DCY5LNYnVCXEWgzGAErCFYA8YfvTLb9LUQYljUq7msZJh0krbaFgWXACepdavgCAK0vlgthOlCZ9ao0Bf7AsnhpupU1PFgVgh1i/cy19vVZLOQVzH; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBTGCORS=XqFJ43W80/9pc+96u4O7aRyxZbGV/hPoK2ZZhVLu7wKGMXMttyeKbnenPC7DCY5LNYnVCXEWgzGAErCFYA8YfvTLb9LUQYljUq7msZJh0krbaFgWXACepdavgCAK0vlgthOlCZ9ao0Bf7AsnhpupU1PFgVgh1i/cy19vVZLOQVzH; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
AWSALB=vBhHnQrMiCj0fiu+WpNr1SXOA4ENcIuOQz9r4xnnmV+6KEg6Ii4U6DENmLOpMZ4Es2uBfmq3vnWNyK8b+F3QEWS2W/R1IKMeD89UzQuCbb85yeoPsI+QPBX0ceFN; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/
AWSALBCORS=vBhHnQrMiCj0fiu+WpNr1SXOA4ENcIuOQz9r4xnnmV+6KEg6Ii4U6DENmLOpMZ4Es2uBfmq3vnWNyK8b+F3QEWS2W/R1IKMeD89UzQuCbb85yeoPsI+QPBX0ceFN; Expires=Fri, 23 Dec 2022 09:35:36 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=UZOcFcNB+3XdItXyOJREPwAAAAD653l9KJR8JbmX+rt32b0o; path=/; Domain=.globalsources.com
visid_incap_2766148=ElExwyINTvmVDi4iykL3gec7nGMAAAAAQUIPAAAAAACaOrlIJlvq4FoqKVPnbs1L; expires=Fri, 15 Dec 2023 22:29:37 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=A6icSpvw7lK+audgiBrYA+g7nGMAAAAAbcVj2UT0G+5xDZC361qs2Q==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 13-55892150-55892155 pNNN RT(1671183335658 58) q(0 0 4 1) r(11 11) U2
X-Firefox-Spdy: h2
insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0
3.33.220.150200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0
IP 3.33.220.150:0
GET /track/up?adv=uo3y5o8&ref=http%3A%2F%2Fczjilce-aqg-6.tk%2Fnene%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:39 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
3.33.220.150200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
IP 3.33.220.150:0
GET /track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event} HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://czjilce-aqg-6.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 09:35:39 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2