r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2188
Expires: Sat, 26 Nov 2022 22:07:22 GMT
Date: Sat, 26 Nov 2022 21:30:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5907
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 21:30:54 GMT
Last-Modified: Sat, 26 Nov 2022 19:52:27 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2821
Expires: Sat, 26 Nov 2022 22:17:55 GMT
Date: Sat, 26 Nov 2022 21:30:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 21:17:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 801
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fIBhuyXLgVbhU1KsgMTqjOWcDxydreEXGgVQ4QT9NajcHYvbG+67zl5qFkFpVsCl5n86yHyN4GXcOj326m93fw==
x-amz-request-id: XNDXMXRARGG9J04R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 20:44:22 GMT
age: 2792
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ames-store.com/
198.55.28.76 301 Moved Permanently 299 B IP 198.55.28.76:0
ASN #59447 Istanbuldc Veri Merkezi Ltd Sti
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f64c8d2f7200c8ef1d28f43031c2cf44
11fbd13c5348c377e0bc29f79e3642d05ea2b4fa
9532ebd013c85cca40720d020f9f929fb6369910df3d8459c903fa841f98c076
GET / HTTP/1.1
Host: ames-store.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 21:30:54 GMT
Server: Apache
Location: https://www.ames-store.com/
Content-Length: 299
Connection: close
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 21:30:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 21:11:12 GMT
cache-control: public,max-age=3600
age: 1182
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2106
Cache-Control: max-age=130263
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 21:30:54 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 09:41:57 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dbe7ea58c842de746b8af65e814e61c4
d260fd05a8327a1f6cffd909ec96ad333ea9212b
56dfeda657521f0ea40e83d9f2d16d5e079649e97a55f2f314edebbdd1a9008e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DFEDA657521F0EA40E83D9F2D16D5E079649E97A55F2F314EDEBBDD1A9008E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21576
Expires: Sun, 27 Nov 2022 03:30:30 GMT
Date: Sat, 26 Nov 2022 21:30:54 GMT
Connection: keep-alive
www.ames-store.com/
198.55.28.76 200 OK 2.2 kB IP 198.55.28.76:0
ASN #59447 Istanbuldc Veri Merkezi Ltd Sti
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (500), with CRLF, LF line terminators
Hash 2db0dad8b5c9266d2a68f830e66bc544
6cb4823d831f6393bf3846117aa12dc1dc699b12
ebe7f827c338c317d47abf1a0016888921d7aef8d2f3a1e0e446eabff4bde672
GET / HTTP/1.1
Host: www.ames-store.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:55 GMT
server: Apache
last-modified: Wed, 17 Aug 2022 00:16:33 GMT
etag: "1b4a-5e664c6fb01d9-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2242
content-type: text/html
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.41.201.177 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.201.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IJzBFmPdgtzTnKDsdR9kGg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3LjwR0OlVhRxSBl67yuApJ6tKQQ=
www.ames-store.com/images/imagehover_18pic.js?v=1660695393
198.55.28.76 200 OK 301 B URL HTTP/2 www.ames-store.com/images/imagehover_18pic.js?v=1660695393
IP 198.55.28.76:0
ASN #59447 Istanbuldc Veri Merkezi Ltd Sti
File type ASCII text, with very long lines (1048), with no line terminators
Hash a84e12c0a4e2a51f0cc026312f9ef5c1
08a5c3031b5cf0ceee0291f4e86b704374974644
c7985ffa3054b9415839dc0e8827e59288ab1d06159b6f8bc14db93ca98e7752
GET /images/imagehover_18pic.js?v=1660695393 HTTP/1.1
Host: www.ames-store.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ames-store.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:55 GMT
server: Apache
last-modified: Wed, 17 Aug 2022 00:16:33 GMT
etag: "418-5e664c6fb01d9-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 301
content-type: application/javascript
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f22bdbe005280fe3c53cf1c30f304dea
1123e85f53083b57a19a10e29a15204e709a70f5
82415cc086a2da42bc61540dfbd54e781534c7d94cbf94d0e01f072c12254298
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "82415CC086A2DA42BC61540DFBD54E781534C7D94CBF94D0E01F072C12254298"
Last-Modified: Thu, 24 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3769
Expires: Sat, 26 Nov 2022 22:33:44 GMT
Date: Sat, 26 Nov 2022 21:30:55 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f22bdbe005280fe3c53cf1c30f304dea
1123e85f53083b57a19a10e29a15204e709a70f5
82415cc086a2da42bc61540dfbd54e781534c7d94cbf94d0e01f072c12254298
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "82415CC086A2DA42BC61540DFBD54E781534C7D94CBF94D0E01F072C12254298"
Last-Modified: Thu, 24 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3768
Expires: Sat, 26 Nov 2022 22:33:44 GMT
Date: Sat, 26 Nov 2022 21:30:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19178
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 21:30:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19178
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 21:30:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19178
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 21:30:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19178
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 21:30:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 85336
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19178
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 21:30:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 63318
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 96437d0cb1ceaffa77124f0dcfeb38cf
3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50
89244601b0a4bc150033e52dc56cf0fbe2846ebba7532c477146258a70783e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7799
x-amzn-requestid: 4b3bf619-fb69-4cfe-b8e7-7de4ea127853
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXADFOvoAMFXQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813866-77f561ae3496d84c75541300;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:49:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lt_7H9W9LVUS5gKPrBF_vGiXg-anP_bGV5izsxPiGhiasy2eBnltuw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:39 GMT
age: 82637
etag: "3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 02:19:43 GMT
age: 69073
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TI0cacek54dPUYW7fYy0xm-1CKdRXZGqBH1vGURakUsBbm-WGcW-vA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:17:55 GMT
age: 83581
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b1c6878914466cfece680fa7cb73502
47fac81a2dd809df5c42ca1362f71d553572d2b1
6458883dfa2bdfd483e92e5f847a229508ef00ce1dbd11f49eec369d0bd3160a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 4db4ed29-20b4-4ca7-8835-2463d0989d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVFHQYIAMFc4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135b9-613da006118724124e345b29;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qKxrYxVsJWOXAbrn6IpwLycF3rknFLkQeDyKOLq5WyflvTLeUjg_Lg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:18:42 GMT
age: 83534
etag: "47fac81a2dd809df5c42ca1362f71d553572d2b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.fireflower.us/
172.67.207.136 200 OK 20 kB IP 172.67.207.136:0
Hash 6edb86b958dbae8ce57f270025e399b8
48752fd740b5712d3e0a9870b6259cc69a5a30b0
c48187eb97d0b2e8f1bf4b120aad53f757098208dbc7d9f2dfea87ac16d7f28b
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET / HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ames-store.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:55 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tDEhFMnQ1IBXXeHOUq9nKKNv1wH%2FCBerTKx9qkoS%2BuA7zV3P0NTgsmtemxM7PhhJwzAFsNe1rMKcTz%2Fg2sQXRbCyYe7lPX3zui5sREuw%2BUNCKvM08%2BvXhrXOYYrSXATEBbx9tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba60eedfb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/ban2.jpg
172.67.207.136 200 OK 68 kB URL HTTP/2 www.fireflower.us/images/ban2.jpg
IP 172.67.207.136:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 752x360, components 3\012- data
Hash cea6d750061534462ce8c03c659af7c0
e9f8c155715416448241fc074af1e3c3ae1410e7
2414410ad12b2fac1dc9ad8dd3814b14133deb6b04599b1f998456e5a847c8c3
Analyzer Verdict Alert quad9 Sinkholed
GET /images/ban2.jpg HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: image/jpeg
content-length: 68149
last-modified: Mon, 29 Dec 2014 01:02:10 GMT
etag: "10a35-50b506c8ca880"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2BCbhSoTRIAVLesOJUtTllMAO02WHoU80aRJzqzhLfoZk495X7yBBXDVXsQyha7uC2poGa7NSovYlgGUWsjIaEmwAkco1D84CkItxke4jgdGan4VFXMkl%2BSakVf6lwiI4EZPcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7705ba643aa2b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/ban1.jpg
172.67.207.136 200 OK 92 kB URL HTTP/2 www.fireflower.us/images/ban1.jpg
IP 172.67.207.136:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 752x360, components 3\012- data
Hash 1ff14044e217a68053dd43b18bc9a7c8
cbac5c5c1954e241cfa1479a608114990b50388d
cee6aa7847e93824fa33ba8e829c02299302da4eb2d754c1dd22d7ecfdd95ed3
Analyzer Verdict Alert quad9 Sinkholed
GET /images/ban1.jpg HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: image/jpeg
content-length: 91473
last-modified: Mon, 29 Dec 2014 01:02:18 GMT
etag: "16551-50b506d06ba80"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hthg2OyXMPO8fFaaJJSMjqM4QoMxE%2FpsmhjdU1x3OtcZ6%2FeSNT5zWd%2FWVG%2BtPsXYmRp230Fj%2BH8vB3mEMc68S04DZzDCVVXRmD9azbPfKvgNZl3kp%2FnCQ1AMwW5iW7IxMlNQUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7705ba643aa1b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/ban3.jpg
172.67.207.136 200 OK 57 kB URL HTTP/2 www.fireflower.us/images/ban3.jpg
IP 172.67.207.136:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 752x360, components 3\012- data
Hash 8295abaf683717c210b045b7a5aca843
c523cd9d272cc0c634ea7cfdfd192e3dff157265
cd141aaafa6a62687adcf6b9d44a23c3f492b39bc22ec88d85883625999e19ed
Analyzer Verdict Alert quad9 Sinkholed
GET /images/ban3.jpg HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: image/jpeg
content-length: 57012
last-modified: Mon, 29 Dec 2014 01:02:38 GMT
etag: "deb4-50b506e37e780"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glOeZusLeFZYu63zeStH50zl4w2QiPEzbmZIajjqXo5erMc6rwSxsRME3sJyLTj0kToDpmUxtrRVgvPcdNRObM2lmsZILEb%2FS6KRNs5NZ68M2dg%2BcFGZ8ZSu9U%2FIvLCSI7IOwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7705ba643aa3b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/ban4.jpg
172.67.207.136 200 OK 102 kB URL HTTP/2 www.fireflower.us/images/ban4.jpg
IP 172.67.207.136:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 752x360, components 3\012- data
Size 102 kB (101832 bytes)
Hash 1ea6abce8e793a6400c469f821c79ed1
94dd1b1ce0398c12f6587096963230b4ebb1a2e7
0b26d55339414f7e36a42d7c43273b711780f240f7e367dcada7121fdab0743c
Analyzer Verdict Alert quad9 Sinkholed
GET /images/ban4.jpg HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: image/jpeg
content-length: 101832
last-modified: Mon, 29 Dec 2014 01:02:30 GMT
etag: "18dc8-50b506dbdd580"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8fYikzBroVIdIrDATy4FEiD8r%2FZdBZUuxJotht05yM5Zw8%2B2s2jsW07rCeSg%2FS4Qb9MqvQdwf8%2FXIMYsrY5%2B5NL3HKw7qUh4rYxsQZghlJ210kxoMxP8G2aD%2FTuX6N4z2uqYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7705ba643aa9b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/stylesheet_cart_checkout.css?vv
172.67.207.136 404 Not Found 15 kB URL HTTP/2 www.fireflower.us/css/stylesheet_cart_checkout.css?vv
IP 172.67.207.136:0
Hash 9b2f5e07b357621f5750e7195cb75714
ecb1c1bc03f416700677fd1bc939ec65a446a7cd
b68fb42a6e83a0c8aa4dc600aa4ae5b6a820f66ca4213389e569a3229fc2fba8
Analyzer Verdict Alert quad9 Sinkholed
GET /css/stylesheet_cart_checkout.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYfp0FTT2vlmPmhxtkCdSN5mLVHAlPX6eKOKyJnmeBiYXKYyU15iI0prjdPACCRNfahUPEbZzPoj%2BmBl4LURlYhZangVwOXZNbKyRxAj5ugBgXeU8bVh89uDCQdRwp%2BfF5EA3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a81b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_605&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=85508387
23.36.79.25 200 OK 13 kB URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_605&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=85508387
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash 8ef5ac7fef5c609342a2db93869223d3
6081f0ab8bdbe9c37d4d3fd3899555b278080899
c8f3cdc8580e5c326771917f812bb3674da80986f132abb6d9b55944c9f4913e
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_605&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=85508387 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Mon, 20 Jun 2022 06:31:59 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZGf1lNKuj94Ag==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_604&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=32526829
23.36.79.25 200 OK 0 B URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_604&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=32526829
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_604&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=32526829 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Fri, 08 Jan 2021 06:04:17 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZFqYjkZtoUTAg==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_107&entity=global_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=75525170
23.36.79.25 200 OK 13 kB URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_107&entity=global_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=75525170
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash 4f021f00cb59441495bbf8c20821e03b
79999f3a89b81dc1eda9f230c7aa01442eaf3ddc
ccd176295154ceb27535c2df8427ce4cce5f22079172bd45b55be6f3aab81206
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_107&entity=global_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=75525170 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Mon, 20 Jun 2022 06:31:59 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZGf1lNKuj96Ag==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_602&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=33480247
23.36.79.25 200 OK 0 B URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_602&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=33480247
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_602&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=33480247 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Fri, 08 Jan 2021 06:04:17 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZFqYjkWYsvKAg==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_603&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=31303194
23.36.79.25 200 OK 0 B URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_603&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=31303194
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_603&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=31303194 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Mon, 20 Jun 2022 06:31:59 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZGf1lNKuj97Ag==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_601&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=66941845
23.36.79.25 200 OK 13 kB URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_601&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=66941845
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash ac509d2cb876018911435de071459172
e51c2f2ffd1ba0172ec817319fdac79ce913b972
3c60d10541d2c6b116cea3e8ce951b6457bcae5421194fc1430a35d5330afa7f
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&area=ad_postion_601&entity=c_image&ad_type=public&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=66941845 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Fri, 08 Jan 2021 06:04:17 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZFqYjkWYsvMAg==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=13644324
23.36.79.25 200 OK 0 B URL HTTP/1.1 ctrlitb.rightinthebox.com/ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=13644324
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ctr_tracking.php?action=SHOW&__cust=null&lc=en&mp=index&abTestType=ATest&akamai_feo_test=B&products_desc_photo_test_key=ATest&head_logo_test_key=ATest&super_tab_test_key=ATest&super_top_banner_test_key=BTest&product_return_test_key=BTest&product_info_third_store_test_key=ATest&country=US&currency=USD&rk=13644324 HTTP/1.1
Host: ctrlitb.rightinthebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 0
Last-Modified: Mon, 20 Jun 2022 06:31:59 GMT
Accept-Ranges: bytes
Expires: Sat, 26 Nov 2022 21:30:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Nov 2022 21:30:57 GMT
Connection: keep-alive
Set-Cookie: __cust=AAAAAGOChZGYQlNLd9Z4Ag==; expires=Sun, 26-Nov-23 21:30:57 GMT; domain=ctrlitb.rightinthebox.com; path=/
js.users.51.la/19162019.js
103.143.19.103 200 OK 2.5 kB URL HTTP/1.1 js.users.51.la/19162019.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type HTML document, ASCII text, with very long lines (5207)
Hash 1ebb77ff0cea3433dc9ccca76784ae1f
37244e6badc99099b1c8dca02cae76a55d19e904
6694cc112560e126d17549482e996b18f40c69b064ae89433805e422e8fedc74
GET /19162019.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Sat, 26 Nov 2022 21:30:57 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=2d58c2c570709d68652; path=/
HWWAFSESTIME=1669498253175; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 5ef067c183a4e6a517067430c5a000d2
265bb86470828cc7dd328e073d4cc5c1427fb99d
634a74fc3719d3fb6d30dd7f1fe5766538fc020b21b78d0c1b2b1bc34cbd3df9
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 21:30:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 30 Nov 2022 18:19:33 GMT
ETag: "265bb86470828cc7dd328e073d4cc5c1427fb99d"
Last-Modified: Sat, 26 Nov 2022 18:19:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3321
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7705ba74c9c2b506-OSL
ia.51.la/go1?id=19162019&rt=1669498257916&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1669498257916&tt=Wholesale%2520-%2520Shoes%252C%2520Clothing%252C%2520Home%2520~_~amp%253B%2520Garden%252C%2520Toys%2520~_~amp%253B%2520Sports%2520Wedding%2520Dresses&kw=&cu=https%253A%252F%252Fwww.fireflower.us%252F&pu=https%253A%252F%252Fwww.ames-store.com%252F
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=19162019&rt=1669498257916&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1669498257916&tt=Wholesale%2520-%2520Shoes%252C%2520Clothing%252C%2520Home%2520~_~amp%253B%2520Garden%252C%2520Toys%2520~_~amp%253B%2520Sports%2520Wedding%2520Dresses&kw=&cu=https%253A%252F%252Fwww.fireflower.us%252F&pu=https%253A%252F%252Fwww.ames-store.com%252F
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=19162019&rt=1669498257916&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1669498257916&tt=Wholesale%2520-%2520Shoes%252C%2520Clothing%252C%2520Home%2520~_~amp%253B%2520Garden%252C%2520Toys%2520~_~amp%253B%2520Sports%2520Wedding%2520Dresses&kw=&cu=https%253A%252F%252Fwww.fireflower.us%252F&pu=https%253A%252F%252Fwww.ames-store.com%252F HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Sat, 26 Nov 2022 21:30:59 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=360583409a399e108e7; path=/
HWWAFSESTIME=1669498257260; path=/
server.iad.liveperson.net/hcp/html/mTag.js?site=2383438
162.252.73.8 200 OK 18 kB URL HTTP/1.1 server.iad.liveperson.net/hcp/html/mTag.js?site=2383438
IP 162.252.73.8:0
Hash def739a9b7259aed34c75bd549e59e49
57033c7fa87f75537db049f29f8821d208287d76
3d6b6eee4e6bfeed58d3ad23159ad229deedd8ca20e25cced6a23cf1b7a9ceac
GET /hcp/html/mTag.js?site=2383438 HTTP/1.1
Host: server.iad.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Wed, 16 Sep 2015 19:55:44 GMT
Accept-Ranges: bytes
ETag: "0a0eacb9f0d01:0"
Server: WS
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Access-Control-Allow-Methods: GET, POST, PATCH
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Date: Sat, 26 Nov 2022 21:30:58 GMT
Content-Length: 17753
server.iad.liveperson.net/hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS
162.252.73.8 302 Moved Temporarily 4 B URL HTTP/1.1 server.iad.liveperson.net/hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS
IP 162.252.73.8:0
File type ASCII text, with CRLF line terminators
Hash cb492b7df9b5c170d7c87527940eff3b
66928e6cbb59c3a3bce606959ef4a865fe04e642
dba5166ad9db9ba648c1032ebbd34dcd0d085b50023b839ef5c68ca1db93a563
GET /hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Location: https://sales.liveperson.net/hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS
Server: WS
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Access-Control-Allow-Methods: GET, POST, PATCH
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Date: Sat, 26 Nov 2022 21:30:59 GMT
Content-Length: 4
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash f700a34fbaa5509fc98fa3e192f57174
1c2a4dbc974d066d387f71087f112dabf702be66
2fa1bb4c30ef1a1b899997a8038f2a4a4320117ce3c42e81475d143d5f110250
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 21:31:00 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:43:25 GMT
Expires: Sat, 03 Dec 2022 15:43:24 GMT
Etag: "1c2a4dbc974d066d387f71087f112dabf702be66"
Cache-Control: max-age=583343,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7705ba80f9370b02-OSL
sales.liveperson.net/hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS
162.252.74.5 200 OK 150 B URL HTTP/1.1 sales.liveperson.net/hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS
IP 162.252.74.5:0
File type ASCII text, with no line terminators
Hash 14d8c11b3481c68b088caf8c5f9e00b4
4b151ca47f9a6a011b12c74c917634be2d57a6c0
a737dc7c1ccb0006b0e6fdf923ee2b20b7a4a457d8d9d75109fcb4a06a106f8a
GET /hc/2383438/?&site=2383438&cmd=mTagKnockPage&lpCallId=366208010053-919998471766&protV=20&lpjson=1&id=6121657852&javaSupport=false&visitorStatus=INSITE_STATUS HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.fireflower.us/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 150
Content-Type: application/x-javascript
Server: WS
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Access-Control-Allow-Methods: GET, POST, PATCH
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Date: Sat, 26 Nov 2022 21:30:59 GMT
www.fireflower.us/images/jscript_jquery-1.4.4.min.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/jscript_jquery-1.4.4.min.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /images/jscript_jquery-1.4.4.min.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 19 Jun 2017 01:29:48 GMT
etag: W/"133b0-5524612135b00-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLG4qcPevCAv3mZOJvrZOeLUQ6QLwkK3qbpGCku1PAz%2BZpKEglpis1CfOqhSSQWSyyMeShSmXQoh%2BrKYtuy%2BEsfSM3fl4bpGNP%2FETD2jA9k%2Bum6ip0HTHdCHeDMHYI38ybNF3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a88b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/main_6a9c2d30401c37c2.css?vv
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/css/main_6a9c2d30401c37c2.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /css/main_6a9c2d30401c37c2.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/css
last-modified: Thu, 16 Jul 2015 03:25:26 GMT
etag: W/"2fb26-51af59f54d580-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmgSwcdin%2FgQQU18crhun7S5hEoW%2BwQ9DNt8QZFocj3OxeF%2FYFHzVVRDEuEgYP4QsovKx1pd%2Fiz4NckB7r9YTxmw5TLzmHtpoCNyj0OMYJjq%2FAn4kIwx2t6%2Bedo3rwVXnxkrSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba643a92b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/stylesheet.css?vv
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/css/stylesheet.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /css/stylesheet.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/css
last-modified: Mon, 23 Dec 2013 09:53:42 GMT
etag: W/"2f0e-4ee309a55d580-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4peeaDSeDnssQjA69xZQ%2Blahil4%2B3OPbWYcMe69BDPWOTUky1L5aXQVQNxYHZScL%2BS3wFgPBVjO81VgvbUlqYdO0gyLJFVQK52aF2daQqu6HTGz6Pht%2BlfOpaiiPes7BRCgklw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a7eb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/css.css?vvv33
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/css/css.css?vvv33
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /css/css.css?vvv33 HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/css
last-modified: Thu, 20 Jan 2022 02:25:54 GMT
etag: W/"1884-5d5fa38bcf080-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htdjAabSvqDO2IKHFXJIqiqwzQQFpsj2wrZPa4m3VYM6cNjXryTzrBfH%2FTlaO7Bw07r0q9P0Nfn53SSNYjdS0jjVaOdeMQEvBeMPD3Y%2F%2FhFCPRDoaRDTFAUHd47eHoOuZhE%2F%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a7cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/default_b7cd4e297a6b8953.css?vv
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/css/default_b7cd4e297a6b8953.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /css/default_b7cd4e297a6b8953.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/css
last-modified: Mon, 29 Dec 2014 01:04:04 GMT
etag: W/"4975-50b5073582900-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PnuDj3oWucKOKUy%2BqAxpZWeul3%2BT0agGf%2Bjp463vLJy%2FZhJtdIT6oISuLvFtLllyeYIIC0h%2Faceu1mRdxFI9LNQ%2Fbunr8xYlEMM7cQP42L1nFUZZ96jdgqrFhf6Zt%2FNsocexw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba643a94b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/mTag.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/mTag.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /images/mTag.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 29 Dec 2014 00:53:14 GMT
etag: W/"449c-50b504c99f280-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00%2FI%2FyYr0PIPCIdCgl8lqeZXLqmql2sIioXjI539G3N6U1f%2BoFLEChs8UmrLVr%2B0v54bg1cxvVPdW5xWsXRnE9RJ4j0v96ydHFAe3MvCU3bo8I%2FPLUJIAB6AkxH8a3YKcMYJWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba643a9eb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/stylesheet_news.css?vv
172.67.207.136 404 Not Found 0 B URL HTTP/2 www.fireflower.us/css/stylesheet_news.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /css/stylesheet_news.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IWv8ddvd3gOtAX98LOa%2FU8Xnmf1XOd3H%2BKHOmHL12%2FTNACM4F9fbbmXkn%2FD89sv04ZYayixk3RWu%2F3yA7IA2kNINklzHtReE%2FmW4YefD4sjz4MAY76KhOEOdzPxCrHKqko2pGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a82b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/jquery.min.js
172.67.207.136 404 Not Found 0 B URL HTTP/2 www.fireflower.us/jquery.min.js
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /jquery.min.js HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hmCt5DM0OnpjNFuM83%2BUkvmpcaxH0Nqfgwc0lXcwTnCFCeJw8DNeeItitG2guiN7lUwd8L3%2FvXSF4dWQ%2FZmxvVs%2BTLTIHVAbEdnYYOtiRz%2FajSuTANOotveu%2FwvhGmAcOpW7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba641a74b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/jquery.min.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/jquery.min.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /images/jquery.min.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 19 Jun 2017 02:00:04 GMT
etag: W/"16eaf-552467e515100-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=if7Jo5wXi258AtHNTex7KHBspxrugomp0uCz%2BeK3O7ycfmu5Ap6mqXQzvXhIJessso2jF69FBWntEx2Yd42%2B38wZvhlL60Wz7F393wgEPkmvJZ8WbyQCPYyTbMPW4VcqFONHVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a7bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/stylesheet_attributes_button.css?vv
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/css/stylesheet_attributes_button.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /css/stylesheet_attributes_button.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/css
last-modified: Sun, 26 Sep 2021 09:22:38 GMT
etag: W/"315-5cce285803380-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zFHcjK%2FXgLvF%2B4C4zRSsDHbUFusxIhoS07nPox2tY6ZzWNrkxQh3Cuuv8c5UKMHlY%2B7tPbgjQhpXqPn%2BPc2nOrFCF4STDsbDM%2BX4wRi7Ui1pL4hcW17ZNkQuqH9h1JI0gY%2F0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a7fb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/jscript_time.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/jscript_time.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /images/jscript_time.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 19 Jun 2017 01:29:54 GMT
etag: W/"490-55246126ee880-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dumadwBes6lZLCoJuLDvMzp%2BbMC2p58kDPYmAwvL%2F12NkHGplpH8t022LUl5PS3MHq0rJCQjPXfDPnFZyh%2B1Gim%2BzRbxEHBS4g7ZwNq8E9Vmi1x2UewH%2FTP70d66MXABgxY%2BMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a8cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/en_dc43623a3c6fd415.css?vv
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/css/en_dc43623a3c6fd415.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /css/en_dc43623a3c6fd415.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/css
last-modified: Mon, 29 Dec 2014 01:03:14 GMT
etag: W/"18df-50b50705d3880-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MhDQ9xit5SStoaDxIdCRW76BNY%2BRi9k%2Fk%2FY2rmr73EnkeZYoDmdsBhJgingCyon%2BBeEd5C6d3Z8azXR1In8urVHMRnMmVugQEwLxtxxT1gyLvyDRtwqlAfDfg6ksyPa5%2BjSQkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba643a96b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/stylesheet_time.css?vv
172.67.207.136 404 Not Found 0 B URL HTTP/2 www.fireflower.us/css/stylesheet_time.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert quad9 Sinkholed
GET /css/stylesheet_time.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Babh1QhBMQKzmTcfZet6rf8PszTPmPlrioGHz7KHdne8eNt%2BZMe%2Bh1D2saKfsjoWJiVEY8k9bznC0Sy%2FxtHNrZ0DA9HRNSsg%2FGpK1lwPCjmeL0G02AG3rcE5ZVh%2B7Ui%2Fy%2B8qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a84b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/css/style_dynamic_filter.css?vv
172.67.207.136 404 Not Found 0 B URL HTTP/2 www.fireflower.us/css/style_dynamic_filter.css?vv
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /css/style_dynamic_filter.css?vv HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6YvDs8b5Xktm5uNUrgrOtzwUQTTcRoGiBtsyAGwmn17lGbTmHeYxfm8oYefEicYVOCVLMxW0dvmz%2BE7j5KmQ3qO%2BUElRWjTFkv574iicNxZfsn3UTj7Z9Fz%2BOciMUPBfjQaVsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a7db512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/LITB_c0_76306_3_gt_666666_en.jpg?1
172.67.207.136 404 Not Found 0 B URL HTTP/2 www.fireflower.us/images/LITB_c0_76306_3_gt_666666_en.jpg?1
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /images/LITB_c0_76306_3_gt_666666_en.jpg?1 HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94sh8claCa%2Bp8LK8aeN8JUGoonXN2QClm5OzHqbYl8UOnv6zkef4QAgcziA5yUO5wjQQw1tfj%2BKtKdW3wVgmMq%2B4p1WGcnsIt8Do4lB%2BpLXMvdEgmEY9oaVXUT61Q06%2FOFXjTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba643aa0b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/jscript_jquery_attributes_button.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/jscript_jquery_attributes_button.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /images/jscript_jquery_attributes_button.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 19 Jun 2017 01:29:50 GMT
etag: W/"11a-552461231df80-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgPKP%2FsN4cLq%2BzjrEE8vYqtLSw4XruktaHXe3auZXg6o5iaNlRyQqj4XMwaN6dfsswg5ARBJka2XQrte%2BcSQMU9XTPwXgIuYItTWlq7eFkJidxdEg8yibEdW%2BwvkWMcf9mSuEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a8bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/jscript_xjquery_check_attr.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/jscript_xjquery_check_attr.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /images/jscript_xjquery_check_attr.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 19 Jun 2017 01:29:56 GMT
etag: W/"1e6-55246128d6d00-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sh3N44E9PLn5khkX%2BwkqHQZWb1tmz2wqM9L82wgeURDg9JwH6%2B4XntpBdF7PZGbzUVyX3km1PD6yukhcxFKoNIiQNMRYjHdUfAO5ebCjA26a%2FnsCbjfbcSMXtEKOQ%2FpubmZHMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba642a8db512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.fireflower.us/images/jquery.1.9.0.min_1007b43b90d797fc.js?ve
172.67.207.136 200 OK 0 B URL HTTP/2 www.fireflower.us/images/jquery.1.9.0.min_1007b43b90d797fc.js?ve
IP 172.67.207.136:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /images/jquery.1.9.0.min_1007b43b90d797fc.js?ve HTTP/1.1
Host: www.fireflower.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fireflower.us/
Cookie: PHPSESSID=hhbj2141nsoaae7t1rqvsv8jj5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 21:30:56 GMT
content-type: application/javascript
last-modified: Mon, 29 Dec 2014 00:55:50 GMT
etag: W/"16b0e-50b5055e65180-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ui66WpTXHCJwLlUGObIWowg79zIuePb2zCcOYrkTengChfGGTFtYyKm46k98TnN%2FF9Niu%2B9P0Yt8nQtiTvZLeyzKh93QMsBdvyI3NgTcQqvogeR5DdbTPoJk3JEqIBhhbZzc4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7705ba643a98b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2