r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4c9ec202b798d350b6582220b7bb8457
d16ca24cd60b349231ad06fa5db32f54a3bc9e09
df036d315a613ac6396b77afb0a4ea5f793091786be0cbf3f3a0d043bc1d1d3c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF036D315A613AC6396B77AFB0A4EA5F793091786BE0CBF3F3A0D043BC1D1D3C"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3012
Expires: Thu, 27 Oct 2022 20:35:40 GMT
Date: Thu, 27 Oct 2022 19:45:28 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 221b3fe9a6458de64d8bbfcd4a8e2f36
988c93428ff15108d46a11865e1c7e2782fbae34
a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5510
Cache-Control: max-age=141451
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:28 GMT
Etag: "635a4fdd-1d7"
Expires: Sat, 29 Oct 2022 11:02:59 GMT
Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12327
Expires: Thu, 27 Oct 2022 23:10:55 GMT
Date: Thu, 27 Oct 2022 19:45:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ssXn3JWy0SSHdbquzdymGa0RUJcpp3OTJkGXQg8tOTtZW2peGJ9E+Kmwsf0YGIX1CYdC6o+yrWw=
x-amz-request-id: 6Z6FB9VFMGJSVAMK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 27 Oct 2022 19:09:57 GMT
age: 2131
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:45:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
notescreatecashflow.com/
162.241.31.17 301 Moved Permanently 0 B IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
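Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B response; they do not identify content from this host.)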
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 27 Oct 2022 19:45:28 GMT
Server: Apache
Vary: Accept-Encoding,Cookie
X-Redirect-By: WordPress
Set-Cookie: shield-notbot-nonce=018d639258; expires=Thu, 27-Oct-2022 19:45:43 GMT; Max-Age=15; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://notescreatecashflow.com/
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d72d2f5d05f03753594e43fd34398221
ac6795c1c33f3fa2139e7f8dc601c3e6de6029a5
036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4563
Cache-Control: max-age=135443
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:29 GMT
Etag: "635a3c19-1d7"
Expires: Sat, 29 Oct 2022 09:22:52 GMT
Last-Modified: Thu, 27 Oct 2022 08:06:49 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.163.147.190 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.147.190:0
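Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B response; they do not identify content from this host.)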
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qBoEQeGMpCtvNfiBK8py9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GffLCMIiQE29xssGfYRbww+wTzc=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4b4b395acee897e41f935471d7a2ae3e
725db8de0715d5ad983b54abcaf90763242b7bf4
140fb6a12dd7f72ca2c564fe1178ea59450e6f74e3e6b9851cd25b5a93311f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "140FB6A12DD7F72CA2C564FE1178EA59450E6F74E3E6B9851CD25B5A93311F2A"
Last-Modified: Wed, 26 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21532
Expires: Fri, 28 Oct 2022 01:44:21 GMT
Date: Thu, 27 Oct 2022 19:45:29 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-111717911-1
142.250.74.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-111717911-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash 623cbc365db5805b5a40c9784600d5de
47148914c220d815046d80867a06273952ee3dc4
c36e2d6729dc7ceba4196e2152d874e2969476acd435ed991526374664a8830f
GET /gtag/js?id=UA-111717911-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 27 Oct 2022 19:45:30 GMT
expires: Thu, 27 Oct 2022 19:45:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44626
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:45:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:45:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2193431d88baf9af6829421cd13743ff
a192ab139ad0dc5cf206986eb06028ddad224e46
c535e09fb4a53ca580f5f5926d1494c50b6ad6c7c9ec78df6b7015213852b737
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9720
x-amzn-requestid: 6b4749ca-bcb9-4274-a309-e6d463851a6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aV_n6FOSIAMFroA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63524632-56186f1f2a0bf68f6dba843b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 07:11:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DjRLNrY4BFc3GwHGBW40LIyh-RYT3hshdKPxXok4KE97fGvatXN6yQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 11:05:53 GMT
age: 31177
etag: "a192ab139ad0dc5cf206986eb06028ddad224e46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ded5eb41644bfe7ea87cff5ab0d79f0
9b13eca2d768277b92c05a8a82743018489783a6
3de7fcc3e9c8a107e4c5d6e59506ec71e68129a8351e47af63930873775ac3f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15768
x-amzn-requestid: ab678277-5d12-4ae2-9af7-f15fab294657
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRoclEbBoAMFz9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63508783-344a14d17bfcd6b12ffe02b0;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 23:25:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AgS3Yq-WCRRnFvCxMcwq13lQz8cGvvdwZ51C3H0szmB0iyZLb9mf-A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:58:12 GMT
age: 78438
etag: "9b13eca2d768277b92c05a8a82743018489783a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 00:44:24 GMT
age: 68466
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c92c49279a7704d715e50836676d1abb
3092b4dbd87f7e5a2eff65c463da9c5103ff748a
6941145d63e68abf0f20081517faa4082eed3c59f8b8a69066f70b29d90fd355
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4709
x-amzn-requestid: c2923a57-57c4-4d62-83bc-e4c8b61aa2bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGeeIAMF9Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7e47cfe804e333cc540f162a;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: M72Vjcyc06ihmWcqr2_Xrk8dGcC5pCoDidg5rhtRkVddavcUFE6G6w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:47:37 GMT
etag: "3092b4dbd87f7e5a2eff65c463da9c5103ff748a"
content-type: image/jpeg
age: 79073
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e307787eef6193fe4988367feb5e07d9
f50d8270aeb43fb15457d961f925cf2b38060240
d69ba1c958614a831462b81a046bb6a59e353db0b63d23b060b84df124057452
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 25249b1e-6ef4-432c-b370-a645259c0727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aoeDVHAyIAMFo9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359aa15-73f252de0cc8d8246183f658;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:43:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V7UFjzwuVqIZJiJg_Q3BWuSd8B_aghBauo7NYg2EYT3MDme-jggsYA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 22:11:54 GMT
age: 77616
etag: "f50d8270aeb43fb15457d961f925cf2b38060240"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27838ba1a0dc8484cc39e787b1e35c24
317f858e36816c2605e0ca91fd7ba60896bc082d
f5b148a13cdcdf31e83ba5db3da139f581778d8b843b8f59ab0c9f08990d0374
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6306
x-amzn-requestid: c5a693a2-df65-4c7a-a755-133e0dbf14e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apW_tHDGoAMFp2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a0531-72afd432100cd0117ec18934;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 04:12:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NHW-9SOjQC6lVwPls0OvxKPmyyvXjVp-k6Ht5Jhn6MHbu4lAXbvo-Q==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 04:38:42 GMT
age: 54408
etag: "317f858e36816c2605e0ca91fd7ba60896bc082d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notescreatecashflow.com/wp-content/plugins/gallery-videos/CSS/ts-vgallery-block.css?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 356 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/gallery-videos/CSS/ts-vgallery-block.css?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 5c612b04dc573a84643b2bdfe1df2a1c
d1bdbf018a38699988e61c60b1444fa698c8d4b9
3eddadaa8b0c4edafc83390e30fe020db26eb9da36a6208ec3e91a06e3d52ceb
GET /wp-content/plugins/gallery-videos/CSS/ts-vgallery-block.css?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 22 Oct 2022 10:21:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 356
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/style.min.css?ver=3.9.2
162.241.31.17 200 OK 17 kB URL HTTP/2 notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/style.min.css?ver=3.9.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (63070), with CRLF line terminators
Hash 9b282959d04287f1e6f372fcf7703c14
d59792fd52f4267955f9c17a3f4a0a31350f19fb
651b13876ef88ef04a8ac0dbb78c01b4a4dcc30906f5b3c07b74725400c18db6
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/astra/assets/css/minified/style.min.css?ver=3.9.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 10 Sep 2022 13:34:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 17088
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash f046e6113dd1e5e499c765516be08b17
c2253055e09b46209469853cad8720e64f84a1bf
18663a8f0b5d4d7581b771da6c2dc897bc2b82d51d7dac1a56d22f9bebab6fb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notescreatecashflow.com/wp-includes/js/wp-emoji-release.min.js?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 4.9 kB URL HTTP/2 notescreatecashflow.com/wp-includes/js/wp-emoji-release.min.js?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11272)
Hash d357bf65a33b527651ede445f3cc2fb7
0b1af6c31af2583294d25a5269b73c9eceb24851
86f79b7820407cf77a47da5f70b2406efdd9521e1c2c664641f22b6d9a9fd0d4
GET /wp-includes/js/wp-emoji-release.min.js?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Apr 2021 11:16:18 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4942
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 6c1f112789ca0cdd47c70e1f39138213
97fb7320aedcd44765a7a299d6cb925cfa2d53e5
7c946046e9043422e824eb60cabffbd26a04458a1c3bb31c70e2c7262d61f4c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2635
Cache-Control: max-age=87464
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:30 GMT
Etag: "63598837-116"
Expires: Fri, 28 Oct 2022 20:03:14 GMT
Last-Modified: Wed, 26 Oct 2022 19:19:19 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=3.9.2
162.241.31.17 200 OK 468 B URL HTTP/2 notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=3.9.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3412), with no line terminators
Hash f88a6a529851c8ed1ffe2bd83219e490
597ff167b702900ee4473e31e390808b8de95664
ae20c6ea52a0534fdda58a7ae13839ac66194434406e00a3bb5f4538f9909886
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=3.9.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 10 Sep 2022 13:34:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 468
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/activecampaign-subscription-forms/activecampaign-form-block/build/style-index.css?ver=1655708546
162.241.31.17 200 OK 68 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/activecampaign-subscription-forms/activecampaign-form-block/build/style-index.css?ver=1655708546
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 90ab6abd733c548ce45e9a915dd5e393
0ab70a6f2db38b3a45e32434d8e91ba5ea85b1f3
6df8167afb27ff67a1c2b03c95e5da1af2ae36e93ac7cf61ff9b579782886af2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/activecampaign-subscription-forms/activecampaign-form-block/build/style-index.css?ver=1655708546 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Jun 2022 07:02:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 68
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/css/ep-helper.css?ver=4.5.1
162.241.31.17 200 OK 6.1 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/css/ep-helper.css?ver=4.5.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (31183), with no line terminators
Hash a0ffaefa75933156040428da26fceff1
dff3319ac64d441664b7f33c52aa7cea49a185e0
ff8906ca3e2767be279d5bac86cb693f0417738dc733c1a76bbca90abe374877
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/bdthemes-element-pack-lite/assets/css/ep-helper.css?ver=4.5.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 6089
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js?ver=1.2.52.0
142.250.74.106 200 OK 5.4 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js?ver=1.2.52.0
IP 142.250.74.106:0
File type ASCII text, with very long lines (2134)
Hash 30ca3165d143baf2835023bfcf463450
62c662c0873b79a314c040fef28dcd29abb14480
4f405d00e8ced09d5826e3e070b7e4d3f3556f856ca790b0b4a2c2eaaf58d33b
GET /ajax/libs/webfont/1.6.26/webfont.js?ver=1.2.52.0 HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 08:15:16 GMT
expires: Tue, 24 Oct 2023 08:15:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 300614
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/widgets.js?ver=1316526300
93.184.220.66 200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js?ver=1316526300
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 4022ee7b53654f65608ad9a3ba759687
cc243d089a8a77c0a7123434746ea36b054634dd
7af6243905b2256cb4f8fe0e77386c274592c322fb23b11784ecf86d250c7e09
GET /widgets.js?ver=1316526300 HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 70
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Thu, 27 Oct 2022 19:45:30 GMT
Etag: "f26384f93da6974ed577808dfa1fede5+gzip"
Last-Modified: Wed, 28 Sep 2022 20:05:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F708)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
x-amzn-internal-status: 304
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29223
notescreatecashflow.com/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1
162.241.31.17 200 OK 446 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1193), with no line terminators
Hash 628dac1e53ffbb22f46880b96cf8c97a
7afe4d338676189be6e9bb83b4dfbe4ca7217e7c
77c36f43986c2addb34da6614a3deecae57ebf25747a5d06a058a0d73c8d9efa
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Feb 2022 15:14:57 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 446
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
162.241.31.17 200 OK 2.2 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (8319)
Hash 13cea74ab9f2d81ee9c67bc07d61566f
a049ce2fc7956a960a771a8e11c3a5bb2ded6648
e5b0e22a5e327333cd93f3c6af05beacd5a09c0bb37e4725b5a20276a0c6a61b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Sep 2022 14:19:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2233
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/jquery.fancybox.min.css?ver=3.0.47
162.241.31.17 200 OK 4.1 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/jquery.fancybox.min.css?ver=3.0.47
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12795), with no line terminators
Hash cf0785cf0ed0e61ff719545fa3895446
41d23fc8b5755e0d9d72a174d0cfaf781df5f2b3
159db16a04f99391f3a89816a0b7955f3accf86fafb9c0c07dcdebe222a41c5a
GET /wp-content/plugins/wpb-elementor-addons/assets/css/jquery.fancybox.min.css?ver=3.0.47 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4130
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
162.241.31.17 200 OK 4.0 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19233)
Hash 2701214b028ad24fa347df8335b36d12
156bc8a7ad2657f00881890637f07c6052636499
9a6e62615ceeec7a9763e4f9614e4715d04fd87873b23db2b3ead06c996cad27
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4008
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
162.241.31.17 200 OK 3.9 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1577)
Hash 0de3f234bf5adf709c64d6a81701e107
ec76e30709d2ac94c86121529768c54b84943872
c67075988b28f06061348cebb275f465c608e141f9a00b50c5e4824f57ed10f3
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 12 Oct 2022 01:12:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 3861
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/core.min.js?ver=1.11.4-wp
162.241.31.17 200 OK 1.9 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/core.min.js?ver=1.11.4-wp
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3706)
Hash e4aebe10ea775a8878c1262700048788
df5bb2ea30df05125f95f043eaa334643a6ecfef
55886bad3ef9248a6cd005ccb2780c2b7d4f6eaea706b75f5857f45e0b585417
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/core.min.js?ver=1.11.4-wp HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Dec 2020 16:32:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1897
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash f046e6113dd1e5e499c765516be08b17
c2253055e09b46209469853cad8720e64f84a1bf
18663a8f0b5d4d7581b771da6c2dc897bc2b82d51d7dac1a56d22f9bebab6fb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
162.241.31.17 200 OK 309 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (483)
Hash 0ea43e394ddaae5fdb710dbbc8869e58
3b0c93adc80720236096201db5cc2751e703996d
85225fffa21a94bfd954393d7471069ab227b98fd8b51cb5ab4af5488168a34e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 309
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.2
162.241.31.17 200 OK 900 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3432)
Hash 1e0ef5b4ebd931aecd01564980628978
e618b92e03a6c4bd4abffed22abb1e835c05a601
1deef467f6db854d82e8c6288086664c7cf60a41b18bb7216d63bb83061ba878
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 900
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/essential-addons-elementor/eael-1593.css?ver=1595363589
162.241.31.17 200 OK 2.8 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/essential-addons-elementor/eael-1593.css?ver=1595363589
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (8511)
Hash b6c947a3fa5e904efa4ef791de8242bc
c93cffea14541737dfa32f2efab371b31e254d0d
e5c6dccf9180c9f9c243e352f65ded93ad17659986426a3f6c1e69bfcb598f3b
GET /wp-content/uploads/essential-addons-elementor/eael-1593.css?ver=1595363589 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Aug 2022 11:43:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2833
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/elementor/css/post-1593.css?ver=1619372149
162.241.31.17 200 OK 3.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/elementor/css/post-1593.css?ver=1619372149
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (22916), with no line terminators
Hash e30624a7f48739fd3abace9047c03f50
dffe10006abfb3fcf61190f29c29b5921e2c44d7
ed4d04a5b0d13556d02be8027fe8ff481dafb77edbe309fd48b91bd0a714f485
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/elementor/css/post-1593.css?ver=1619372149 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Apr 2021 17:35:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 3556
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.7.8
162.241.31.17 200 OK 4.4 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (26516)
Hash fdd462f58aee3f9349eabdefb5ca0b57
bb6e017d5537630516ccb98952593690a8c69864
ca51806fcedbe90dd613c4c28673af8693381806a5cb3b43dce2ea4f43e8b314
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4436
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/elementor/css/global.css?ver=1619372178
162.241.31.17 200 OK 4.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/elementor/css/global.css?ver=1619372178
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (41079)
Hash 82b87eac3e2ff856ed456e74139d6f21
e7d5cc2be12f38ee0b49ebcb69b7d582d2126625
89805178e56e5393c100eb2a653c2904fb406453f3b42c703de38b8c8f147743
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/elementor/css/global.css?ver=1619372178 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Apr 2021 17:36:18 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4554
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/08/cropped-logo-nccf-small-305x44.png
162.241.31.17 200 OK 7.0 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/08/cropped-logo-nccf-small-305x44.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 305 x 44, 8-bit/color RGBA, non-interlaced\012- data
Hash 0c9799736ec6e2e1083c8b52bb52aeae
aa5ef0abbcf6f87d501046323d26093273b9478f
3d8b7d5e07cb7a3ed336a739753073ae101b8a614dbcc68edfe2a65456e4d635
GET /wp-content/uploads/2019/08/cropped-logo-nccf-small-305x44.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 06 Feb 2020 13:51:28 GMT
accept-ranges: bytes
content-length: 6956
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/gallery-videos/CSS/totalsoft.css?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 7.3 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/gallery-videos/CSS/totalsoft.css?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (387)
Hash 4746b6202a5f4439e239739938bde500
d479b5dbde51a02b0389b7f38a0f2b3bdeda2101
76ceccd889bdf4cb60bfdc099943401855f0655ee42ce00247e341c5a3352fd0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gallery-videos/CSS/totalsoft.css?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 22 Oct 2022 10:21:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 7315
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/popup-builder/public/js/PopupConfig.js?ver=4.1.14
162.241.31.17 200 OK 1.9 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/popup-builder/public/js/PopupConfig.js?ver=4.1.14
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2826)
Hash 8fdc9c05d68f6b2abf923008cbefb76c
6fac390eb1212fe63dd604852b28eff3a9ab7538
4ea4425287650bfc5d48b5746f12c980b2b1cf2921d5fa42fdd97a9f75b36bd7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/popup-builder/public/js/PopupConfig.js?ver=4.1.14 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:25:27 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1922
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/gallery-videos/CSS/Total-Soft-Gallery-Video-Widget.css?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 6.2 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/gallery-videos/CSS/Total-Soft-Gallery-Video-Widget.css?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (630), with CRLF line terminators
Hash 353f0cb92573637da6863cab43f2e036
a4a1adf04d8589061cc526bf8356d694dc20586a
72459d6a8fb8d8c2a48946097c42d721a603e4cb05dcfbe1b46fddff786954cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gallery-videos/CSS/Total-Soft-Gallery-Video-Widget.css?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 22 Oct 2022 10:21:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 6229
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.7.8
162.241.31.17 200 OK 13 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (59158)
Hash e6b67e11736ae36a062b381717f2ea9f
a663a79bc8d42aa58bfea1351cc27e0d0b09c9b2
a07a94d36246d0b3e5b9b18e274e31995d0e23cda955babf5e350e91a879523d
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 12862
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/main.css?ver=1.0
162.241.31.17 200 OK 14 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/main.css?ver=1.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type assembler source, ASCII text
Hash 3174de4499877ae0b55b3828c0763afc
191b1f3e4edaa04e65cb1a702e61cdd66d8e0cf1
bc44da36c58b8de50890171041bcd73cd3d327a0b84a7cbb22a748cff3ed6905
GET /wp-content/plugins/wpb-elementor-addons/assets/css/main.css?ver=1.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 14235
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.8
162.241.31.17 200 OK 1.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (13766)
Hash 30480fbfc8f976e15c91b651e2fb8a3a
7572e53ff179adddf6eed50815d935898458503b
d15711b68670a73c3a661636d4262e13070957d26ab3d308a930f0f9ee1f5748
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1608
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
162.241.31.17 200 OK 13 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (57726)
Hash dc63c0a8e2d5857cc7a00a4b5456dabb
ee29df5eb2a4bf3eb805b160551c1afd84b42599
035ef40b1dd3df1eefb2dd3c8c2096425727fb939b06f3aa0bc6ef91dafd5441
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 12577
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/elementor/css/post-2077.css?ver=1619372148
162.241.31.17 200 OK 399 B URL HTTP/2 notescreatecashflow.com/wp-content/uploads/elementor/css/post-2077.css?ver=1619372148
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1089), with no line terminators
Hash 35780bf36248e9e1b8cf3c2b411ea48f
a1f6ffbee97b6153f1a774694c926e26faa4f8fe
4bf3bf4b55f41db2ccaa73ba7211c1d9744519721bafc95b4f8e9fda81519a16
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/elementor/css/post-2077.css?ver=1619372148 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Apr 2021 17:35:48 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 399
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/icons/lineicons/lineicons.min.css?ver=1.0
162.241.31.17 200 OK 4.4 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/icons/lineicons/lineicons.min.css?ver=1.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (22122), with no line terminators
Hash 5f8da1d75236d92bc4ee68a9759b5749
f229c3b3893ef75b1b4a1e71d377881a18a381ec
7f73bd214281d48396629477bb74abf35de5150fc78c01344ea1ac6407ab1820
GET /wp-content/plugins/wpb-elementor-addons/assets/icons/lineicons/lineicons.min.css?ver=1.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4380
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/gallery-videos/JS/modernizr.custom.js?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 4.4 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/gallery-videos/JS/modernizr.custom.js?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with very long lines (9019), with no line terminators
Hash 9895552e383af999a43c28cd1b4f75fd
501b8826df2d1b36d1df16ec16e90da08e7f0265
84db40eae84c750a5a42bf02e70d38fd55dec6b97162deb4b98fe3593592d44e
GET /wp-content/plugins/gallery-videos/JS/modernizr.custom.js?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 22 Oct 2022 10:21:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4371
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/grid.min.css?ver=4.0.0
162.241.31.17 200 OK 8.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/grid.min.css?ver=4.0.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (49110)
Hash ccdd16a0c2a461615e409d5f66e0a701
4c402bdd9bf4b82e71af7b64c5bf92a0f9190700
e8ead38248a0c1d5d92323dc56e50a740a1cf73b1ab9fae320583916da0cd389
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wpb-elementor-addons/assets/css/grid.min.css?ver=4.0.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 8630
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/popup-builder/public/js/Popup.js?ver=4.1.14
162.241.31.17 200 OK 11 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/popup-builder/public/js/Popup.js?ver=4.1.14
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5515)
Hash 16d1fec49c44e531ed32df9f6995b4bf
1c6d9f123ff57ee98eadc1e012937ed924a66a1d
8e59a944841abfefb8a994d0e6b0beda7f3a6d68f73a5b7e45ee789d37a5bc12
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/popup-builder/public/js/Popup.js?ver=4.1.14 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:25:27 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 10580
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/slidedeck/css/slidedeck.css?ver=5.4.1
162.241.31.17 200 OK 16 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/slidedeck/css/slidedeck.css?ver=5.4.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9d7c28b41c74a448e9c5108cdd1b6139
4a70cc8bc0e95464a6cf7c84c4d61860333c240f
ec320cf0c703354aa4852eb78354acce95cae0463a4342b392c2b4c5864bf60f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/slidedeck/css/slidedeck.css?ver=5.4.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Feb 2021 12:48:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 16228
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
162.241.31.17 200 OK 5.8 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1003)
Hash 23a4fdd482135b925f8b5832d126f06a
d9abb1ad16172301455d443ad95893a86709ef46
7682352a27b25884f2f065d516d7900975cb3a756eda65b455a17c6dec55dc06
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Sep 2022 14:19:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 5754
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.7.8
162.241.31.17 200 OK 4.4 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (14869)
Hash 7bab7ad64ffbd7846dd6819250b93e2e
c924918d540389aff62220088b6761f38a5da272
045250efe67364c953a91f6a60cf407ebb5cfdb2da04e84c3d98e5bab5eca9ba
GET /wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4359
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/gallery-videos/JS/Total-Soft-Gallery-Video-Widget.js?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 12 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/gallery-videos/JS/Total-Soft-Gallery-Video-Widget.js?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 7e1866ff6855d9461c2bcef6729994c0
878b80cc389c73f555cf83d922edbe264b9ed659
34dd2407cd0c109effbf72f11caaac329c1ce54f6a7374cb0f8065da8110a966
GET /wp-content/plugins/gallery-videos/JS/Total-Soft-Gallery-Video-Widget.js?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 22 Oct 2022 10:21:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 11683
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-migrate/jquery-migrate-1.4.1-wp.js?ver=1.4.1-wp
162.241.31.17 200 OK 9.3 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-migrate/jquery-migrate-1.4.1-wp.js?ver=1.4.1-wp
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash efcd20e20b6f0870628a30513b22cf14
3974a9212ca714e1147b97abd4d03167f0012f7e
0586ae89290e8b96402ca804152e58884f9a8c7ef79f4a8f5409dfb17ffeb2f5
GET /wp-content/plugins/enable-jquery-migrate-helper/js/jquery-migrate/jquery-migrate-1.4.1-wp.js?ver=1.4.1-wp HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Dec 2020 16:32:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 9262
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/owl.carousel.css?ver=2.3.4
162.241.31.17 200 OK 1.5 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/css/owl.carousel.css?ver=2.3.4
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3184)
Hash 4d225159c4052438097ed14465067697
8763dc96740af8bdfff405e9105d3df1991710a9
64db96c1d2ae85d34e89002ee5e0418896d525aa8f6faf48dbebba2db286f5ec
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wpb-elementor-addons/assets/css/owl.carousel.css?ver=2.3.4 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1527
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/popup-builder/public/css/theme.css?ver=4.1.14
162.241.31.17 200 OK 15 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/popup-builder/public/css/theme.css?ver=4.1.14
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4774)
Hash 3879490522050b0b43ee02e18031e281
7a7661f8b5e7e03ff0278a5d25781ada30bdb9c4
94b9a54399649a19fccfc8518ad87e133d556c02f8737049d5bcc267430c23a6
GET /wp-content/plugins/popup-builder/public/css/theme.css?ver=4.1.14 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:25:27 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 15343
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wp-simple-firewall/resources/js/shield/loginbot.js?ver=16.1.9&mtime=1664542246
162.241.31.17 200 OK 1.0 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wp-simple-firewall/resources/js/shield/loginbot.js?ver=16.1.9&mtime=1664542246
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash bfb627ffeecc12b74e3e061f1049135e
552abe4b3db9898a694a55c950fd8fe0521e6eea
11f44ef06bb22457478ea1feea270fe668c121f1ba57cf622540f7e2c95da509
GET /wp-content/plugins/wp-simple-firewall/resources/js/shield/loginbot.js?ver=16.1.9&mtime=1664542246 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 12:50:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1043
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2
162.241.31.17 409 Conflict 83 B URL HTTP/2 notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.9.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wp-simple-firewall/resources/js/shield/notbot.js?ver=16.1.9&mtime=1664542246
162.241.31.17 200 OK 1.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wp-simple-firewall/resources/js/shield/notbot.js?ver=16.1.9&mtime=1664542246
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 92ef17d213f29742b7819c9fd78d3b2a
3b3d8f0ca2a00589e3a4fdf5f02d6ce9a41287c9
e7364b2ac8d19e8f5c32158969867c5a752a9cac2d99c25d95993404c4801e1a
GET /wp-content/plugins/wp-simple-firewall/resources/js/shield/notbot.js?ver=16.1.9&mtime=1664542246 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 30 Sep 2022 12:50:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1601
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/galleries.min.css?ver=3.9.2
162.241.31.17 200 OK 386 B URL HTTP/2 notescreatecashflow.com/wp-content/themes/astra/assets/css/minified/galleries.min.css?ver=3.9.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1025), with no line terminators
Hash b8c2a36c614f5d57fc8f678a17487882
602b16fc4ba773f4e46a3f2092008260cdc8df18
29bcf22f95df69fedcd8f2d77c3219484363b596df0de1f8844a040766beca22
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/astra/assets/css/minified/galleries.min.css?ver=3.9.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 10 Sep 2022 13:34:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 386
content-type: text/css
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/activecampaign-subscription-forms/site_tracking.js?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 638 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/activecampaign-subscription-forms/site_tracking.js?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (467)
Hash c3bb756dd30b623fe2a5640f18b285e6
530927344abc80e541a62033291eb0251b6bffab
bd9f82743bb8efa218ab98f8103e56e04fb368a372585daec1e50c0689f1f09f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/activecampaign-subscription-forms/site_tracking.js?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 20 Jun 2022 07:02:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 638
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/themes/astra/assets/js/minified/style.min.js?ver=3.9.2
162.241.31.17 200 OK 3.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/themes/astra/assets/js/minified/style.min.js?ver=3.9.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (10398), with no line terminators
Hash 24a2e6342962f0d0c52ea626efb180aa
2390c50a381d2808316905a38e12cca282e20b32
d45d38dadcffc780aba0024b0c745eff21fc6532990fd6ac484a7e5186502800
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/astra/assets/js/minified/style.min.js?ver=3.9.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 10 Sep 2022 13:34:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 3584
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
162.241.31.17 409 Conflict 83 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
162.241.31.17 409 Conflict 83 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRosario%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=a586a679a2451aaacd9b80b5255bd36c
142.250.74.10 200 OK 5.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRosario%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=a586a679a2451aaacd9b80b5255bd36c
IP 142.250.74.10:0
Hash d308a89df1f5bee8e2c18beadb65beab
a41d492d9f68f4789314766091af36f8c6ac0b9a
20bae73ff5910b84d571b47a7c23fca7e40bf97a680d6828fb28e0d0a43eccb6
GET /css?family=Montserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRosario%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 27 Oct 2022 19:45:30 GMT
date: Thu, 27 Oct 2022 19:45:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6
162.241.31.17 200 OK 715 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1020)
Hash 01877fb8d22ecf9b52f393792f429692
e6fcb297a5fff2bfb61f6c0ac4dd592d7aa18daf
d9f13ec3d4e00504aaa4865aa3a4be7bcf65abe46fb7df0156364f9f7a959a13
GET /wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Feb 2021 12:48:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 715
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1
162.241.31.17 200 OK 4.9 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d0dafde32f8f3cbc89b155d58774a87c
3e1fcd350cb76338112296a1175bd1263c78bc28
be8b7ce46d47b37a45d3d9a332dc2930e4ab3b22e8a630a41645dd6d9bad7391
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Feb 2021 12:48:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4939
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3
162.241.31.17 200 OK 2.8 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash def61d453b55428f36bf1e9fa6c30183
7034d21982faba0d22d7085d7f071c16b5014629
862ec44fdd4dd0cf0580f7852ecf15dc07a21b664505023845d8843bd13f1393
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Feb 2021 12:48:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2763
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/essential-addons-elementor/eael-1593.js?ver=1595363589
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/uploads/essential-addons-elementor/eael-1593.js?ver=1595363589
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
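Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body; they identify no specific file and should not be used as indicators.)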
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/essential-addons-elementor/eael-1593.js?ver=1595363589 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Aug 2022 11:43:53 GMT
accept-ranges: bytes
content-length: 0
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/
162.241.31.17 200 OK 48 kB IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (34199), with CRLF, LF line terminators
Hash 56590fcfe365f7c821e5fed3bb11de9d
a108041f1d77f4e728e7594bdf8a1ebdef7d58fa
de7d59e13a4bcd7a315d5d6cf6f6b0697a60ea7727346b8b73a240db0b693ff4
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
vary: Accept-Encoding,Cookie
cache-control: max-age=3, must-revalidate
set-cookie: shield-notbot-nonce=018d639258; expires=Thu, 27-Oct-2022 19:45:45 GMT; Max-Age=15; path=/; secure
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/html; charset=UTF-8
date: Thu, 27 Oct 2022 19:45:29 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/js/owl.carousel.min.js?ver=2.3.4
162.241.31.17 200 OK 16 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/js/owl.carousel.min.js?ver=2.3.4
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (31997)
Hash 8a2ba9702fb3cca3c84924959fff383d
ec7e32b952d84e211870dd0e9f1520582e3b4270
ebcdf76e9e513c320785d95cbfa122a4aaa6143fc8ea69a2ea0dedf0277828b8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wpb-elementor-addons/assets/js/owl.carousel.min.js?ver=2.3.4 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 15883
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2020/04/youtube-thumbnail-implode-768x432.jpg
162.241.31.17 200 OK 64 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2020/04/youtube-thumbnail-implode-768x432.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 768x432, components 3\012- data
Hash 2d5a60ffd8d0f9e01d49da9ab16b38f4
5f95be8a3036fa15d5ec9718e72b948093f35562
28d6cf42510d5fb2199d00897dd36af5ed9dd75dfa9578847cd1d2aebb12b2f5
GET /wp-content/uploads/2020/04/youtube-thumbnail-implode-768x432.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Apr 2020 12:14:45 GMT
accept-ranges: bytes
content-length: 63978
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-includes/js/wp-util.min.js?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 591 B URL HTTP/2 notescreatecashflow.com/wp-includes/js/wp-util.min.js?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1042)
Hash 9875c15a68630290d320fa21f40acca4
f63ea6aaa76e246fcf9b23a4dbf3a44511ecff8f
2e4ddc4e0ad92fafcb268e92cc465048f0696c548b313def8fc91eeae8e2293f
GET /wp-includes/js/wp-util.min.js?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Apr 2021 11:16:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 591
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.7.2
162.241.31.17 200 OK 374 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.7.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (754), with no line terminators
Hash ef785f463505633971eae5c08ad626d4
624e22257f386801822229db3a4bbd2e24b25e2f
b2a0dc77f0f79d81698a7e3893e16ecba7b0d980b80a5233656d9b11f1d8160d
GET /wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.7.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:25:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 374
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
162.241.31.17 200 OK 3.7 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12198), with no line terminators
Hash e2a8decccf4d0a6b925af707a36077a9
26a0febc9c3d91e75410f74b9ec62099ba1cbe90
09e0e638a6f53c0fdcfeeb8ae91f3a404bef47b471324e335e29be14a2aa87f7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 3747
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.3.2
162.241.31.17 200 OK 2.9 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.3.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (8016), with no line terminators
Hash 3fb911c81f788558bc6d1107199f3531
6dc32db62563450febea4e0f43b7da34defbb99a
7ac7ac2450edf5bb80788a92c271b0a0e806aacbfd4cced63e941a3035cf43c1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.3.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2938
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/images/placeholder.png
162.241.31.17 200 OK 6.1 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/images/placeholder.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1200 x 800, 8-bit colormap, non-interlaced\012- data
Hash 1632e46a5c79d43f3125ca62c54189cb
0897f3db9a66f710a4975dbdcc5fed765b62be0f
1a8352b9372452ab024b5dfd3c74cd8fac2c84e7ff152879f83949c4707fd87e
GET /wp-content/plugins/elementor/assets/images/placeholder.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
content-length: 6146
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-includes/js/underscore.min.js?ver=1.8.3
162.241.31.17 200 OK 6.4 kB URL HTTP/2 notescreatecashflow.com/wp-includes/js/underscore.min.js?ver=1.8.3
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (16010)
Hash 96bea734708712077251c5329641f1c6
5a37dc74b5532c8905fd02a17771199e78d1d880
a1e8bb45168c7805dd39f1e2fdecda8f10e30132f9d935841c063281be341e4a
GET /wp-includes/js/underscore.min.js?ver=1.8.3 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Apr 2021 11:16:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 6378
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/position.min.js?ver=1.11.4-wp
162.241.31.17 200 OK 2.6 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/position.min.js?ver=1.11.4-wp
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6261)
Hash fff4688e489169ed8e15ba862bb1a5c2
34fd7e1474118a0106ac0bc42d60d4ddca8745a2
5efe79afd9c77f17799cdb61039cff9d9c8086562b04e140b8e5f11883195dff
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/position.min.js?ver=1.11.4-wp HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Dec 2020 16:32:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2607
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/js/super.js?ver=1.0
162.241.31.17 200 OK 5.0 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/wpb-elementor-addons/assets/js/super.js?ver=1.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash a07343805ef3654ff8941a640e1a1571
c9e1c18d9e263ae678db741cbcd1b5da09451ffb
c3ff1c8b44dcebb4327d586b4888d932d6755dffdf33ebe1fa7dfc55c4b1837f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wpb-elementor-addons/assets/js/super.js?ver=1.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 21 May 2022 06:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4973
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.8
162.241.31.17 200 OK 13 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (32889)
Hash a3a9966edbcf4ff24cbce6355e84c975
4c31a0c1e12987b364c178689b8283d09e4f8a63
d50d738abb2b285ac79c3552d286706f3a99e60add08edad08f20b2d4adbdb8d
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 13281
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1
162.241.31.17 200 OK 18 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1587)
Hash 48b6fa19f0e30db30e1ca1b6549bacc4
7d6b23ab75724ddaff6257c433584cfd9c545bb3
32133888d1ad312e8ff83249bcdad2c38eaefdbf11b5101815a6b3aa25e3c826
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Feb 2021 12:48:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 17677
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
162.241.31.17 200 OK 4.2 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (10544)
Hash 552977febe8ef2c71b0806dfaefd2552
01baebfd09383c5d44f066e7b5540fcca6a5eae4
7895907f5a4f54c08c4705b1a194e21c556d68027c5e0a70d4c05b377e712b1d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4200
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2020/06/free-e-book.png
162.241.31.17 200 OK 58 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2020/06/free-e-book.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 412 x 361, 8-bit/color RGB, non-interlaced\012- data
Hash b72bc0d2b923595f6a9626306891cc5a
f1b5836186fb5932d6d211b46336b91af34594d0
8664f3219da39e2d429f994202c2ada6e70038830363b7bc45d04394083ed98a
GET /wp-content/uploads/2020/06/free-e-book.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Jun 2020 23:31:46 GMT
accept-ranges: bytes
content-length: 57600
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2020/03/youtube-thumbnail-corona-768x432.jpg
162.241.31.17 200 OK 68 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2020/03/youtube-thumbnail-corona-768x432.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 768x432, components 3\012- data
Hash e0fd34aa175efb3055eda431e08a9b65
592733bb06d14fcbcf9c87e55df466553ff88cc2
477d5084dd2b13d840a3922038f3bcd6ff242104019618f5554af0291df49118
GET /wp-content/uploads/2020/03/youtube-thumbnail-corona-768x432.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 31 Mar 2020 12:07:44 GMT
accept-ranges: bytes
content-length: 68227
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.8
162.241.31.17 200 OK 1.2 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2620), with no line terminators
Hash 55936584085d0d310919b755eda1ab3f
be317c3b2ed5143669375295b3107e591bf708da
aad2265c39cafa6e01b791b1ef5025a2d237ee91346ef446beb722fdcd578d58
GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1187
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/js/common/helper.min.js?ver=4.5.1
162.241.31.17 200 OK 139 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/js/common/helper.min.js?ver=4.5.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 34dd50692330c5002fdba2e65b1d0630
c6370311efaff86f4770b37394d572c8e7aedba1
f0fc44c9258b2b9e35ee759bcd4cce3e26476fefe68381ef4ee8e2e3384a58b5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/bdthemes-element-pack-lite/assets/js/common/helper.min.js?ver=4.5.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 139
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.8
162.241.31.17 200 OK 16 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (40474)
Hash eb7e2c1cbf83cab4aa6a7fef0dd47eb2
774647abb91ffaee699a8047c9d2fd8a65daff35
bdb3c3194100984be02d52864d7ade76025aa5c3028133d27d947ffb2a75b1e7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 16151
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.8
162.241.31.17 200 OK 2.3 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4918)
Hash a8a064f7e05640436a939b0839c64a66
e9bbdd085a3038acd63d108accba8dfb5499f4c0
2173daddf76795f8194c34463bfc5c9be793aecc545b4672ed5a6f9afcb473c3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2313
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/01/kitchen-with-logo-768x512.jpg
162.241.31.17 200 OK 190 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/01/kitchen-with-logo-768x512.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 768x512, components 3\012- data
Size 190 kB (189851 bytes)
Hash d794d25b794e9d168e8c02de8aa2cdea
cb64b55d08f02b48d4cc64341430c66b510c1d9b
46736f089e470c7d6605d7b85b80283d49bc656279275b5fe068b35003173392
GET /wp-content/uploads/2019/01/kitchen-with-logo-768x512.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:05:43 GMT
accept-ranges: bytes
content-length: 189851
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2020/04/youtube-thumbnail-yield-768x432.jpg
162.241.31.17 200 OK 69 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2020/04/youtube-thumbnail-yield-768x432.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 768x432, components 3\012- data
Hash a9ac96ed1ecfd3a2d88c1fa64fc87296
57955ae0ca2d6bff5a83c7d792194f742356a6e2
f513630e423dfe5b4cd0abe4f2ec2fa9c90256e61fff4e1ef5788cb9da1a1a45
GET /wp-content/uploads/2020/04/youtube-thumbnail-yield-768x432.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Apr 2020 13:33:26 GMT
accept-ranges: bytes
content-length: 68991
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/01/front-with-logo-768x512.jpg
162.241.31.17 200 OK 299 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/01/front-with-logo-768x512.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 768x512, components 3\012- data
Size 299 kB (299303 bytes)
Hash 3d284647114d11cbb4767e33498d8381
034176b4b1bda42f67c7304b5f7cfd1b71e93ed2
e0542beabed8447f2abb530bf642bd14cd7c7f1525bbb55f3e415b5a9c33e799
GET /wp-content/uploads/2019/01/front-with-logo-768x512.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:06:22 GMT
accept-ranges: bytes
content-length: 299303
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-14Z70HW72P&gtm=2oeaq0&_p=1325508762&cid=32853396.1666899930&ul=en-us&sr=1280x1024&_s=1&sid=1666899929&sct=1&seg=0&dl=https%3A%2F%2Fnotescreatecashflow.com%2F&dt=Fletcher%2C%20Loucks%20%26%20Rondeau%20L.L.C.%20-%20Buy%20%26%20Sell%20Mortgages&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-14Z70HW72P&gtm=2oeaq0&_p=1325508762&cid=32853396.1666899930&ul=en-us&sr=1280x1024&_s=1&sid=1666899929&sct=1&seg=0&dl=https%3A%2F%2Fnotescreatecashflow.com%2F&dt=Fletcher%2C%20Loucks%20%26%20Rondeau%20L.L.C.%20-%20Buy%20%26%20Sell%20Mortgages&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-14Z70HW72P&gtm=2oeaq0&_p=1325508762&cid=32853396.1666899930&ul=en-us&sr=1280x1024&_s=1&sid=1666899929&sct=1&seg=0&dl=https%3A%2F%2Fnotescreatecashflow.com%2F&dt=Fletcher%2C%20Loucks%20%26%20Rondeau%20L.L.C.%20-%20Buy%20%26%20Sell%20Mortgages&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://notescreatecashflow.com
date: Thu, 27 Oct 2022 19:45:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/01/backyard-with-logo-768x511.jpg
162.241.31.17 200 OK 356 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/01/backyard-with-logo-768x511.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 768x511, components 3\012- data
Size 356 kB (356388 bytes)
Hash 15f812fbb57f61353052d99fe83b71a9
d69af11d52c7178d10c5e213f348be121f105c00
1f5af4a0afd1cfa78100820e8c541520caff2098d9bb7cffd9f5072b0d863c62
GET /wp-content/uploads/2019/01/backyard-with-logo-768x511.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:05:27 GMT
accept-ranges: bytes
content-length: 356388
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash e2112f220d40541dc89cec951b95fdae
895389de166ac6a2035c01fd52068ca49910911b
55b9248ef532801eae68b3916f1444c93f5f8cf8ef8732825012cdfc74f11245
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5185
Cache-Control: max-age=156956
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:31 GMT
Etag: "635a8db6-118"
Expires: Sat, 29 Oct 2022 15:21:27 GMT
Last-Modified: Thu, 27 Oct 2022 13:55:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d14190b7d44355f74384008fc2bc965b
8899240507992ceba98f567c079650149cc583a4
2db73ab3dfce1101ff8aaa09fe7227ad8017486b3ec3f536b7f8a1102ec0c267
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Oct 2022 19:34:08 GMT
expires: Thu, 26 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 87083
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash a63ea2903767bb46326d85331e42e34e
b113b248df6025ed117551b7baa1960316122415
4ba54e12a06237d2c396d93e1cf9513b066074df9993ee408ee2bfb365c5f3c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash a63ea2903767bb46326d85331e42e34e
b113b248df6025ed117551b7baa1960316122415
4ba54e12a06237d2c396d93e1cf9513b066074df9993ee408ee2bfb365c5f3c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notescreatecashflow.com/wp-content/plugins/popup-builder/public/js/PopupBuilder.js?ver=4.1.14
162.241.31.17 200 OK 24 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/popup-builder/public/js/PopupBuilder.js?ver=4.1.14
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 601f176f0d1cfcb85660a9ca61e22f94
9979b1ed02c9221771755f4038c2fe618e18faa4
6f959f66638c9443dd79badb97bf726b851afdb5f75ac8088ebfb96e6d927931
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/popup-builder/public/js/PopupBuilder.js?ver=4.1.14 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:25:27 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=recaptcha_callback&render=explicit
142.250.74.164 200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=recaptcha_callback&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (913), with no line terminators
Hash 3c9bd43a08c58f3ef7fb684722f057b2
7f0c26fcd9ec7e19cd18c13abc98a3eacd5d4380
8d254e41069dcf40f0a332e305143b53df2ec98ee205fd03e5c953f9f6df79d4
GET /recaptcha/api.js?onload=recaptcha_callback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 27 Oct 2022 19:45:31 GMT
date: Thu, 27 Oct 2022 19:45:31 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Oct 2022 16:40:18 GMT
expires: Fri, 27 Oct 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 11113
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Oct 2022 19:34:08 GMT
expires: Thu, 26 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 87083
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e63a6e99afc26edeaa6e0ec14ea98868
6909f81a74cb2479794f87397c2c9f7bbe759721
af5090a668f3b5293473c111761ca086d6e77a40cd9b5022d669327736034a4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/rosario/v27/xfux0WDhWW_fOEoY2FP9zQ.woff2
216.58.207.195 200 OK 32 kB URL HTTP/2 fonts.gstatic.com/s/rosario/v27/xfux0WDhWW_fOEoY2FP9zQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 32332, version 1.0\012- data
Hash 8ea83423eb421b5c10afec23c4327753
4310fcd99af0f4c2ce00f4b448e61047032aedae
88cd1f5c17d40565f6eff217d07528a0ac35bf441a490ca73ea4ce7246886cea
GET /s/rosario/v27/xfux0WDhWW_fOEoY2FP9zQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 32332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 25 Oct 2022 09:19:56 GMT
expires: Wed, 25 Oct 2023 09:19:56 GMT
cache-control: public, max-age=31536000
age: 210335
last-modified: Mon, 18 Jul 2022 19:46:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
216.58.207.195 200 OK 32 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 31760, version 1.0\012- data
Hash fda4d0b623999af43148ba34c3b1ff73
ca5496af89720cc3e94e6279132f252b7cd471a6
33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38
GET /s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31760
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 22:19:11 GMT
expires: Tue, 24 Oct 2023 22:19:11 GMT
cache-control: public, max-age=31536000
age: 249980
last-modified: Mon, 11 Jul 2022 18:54:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Oct 2022 19:40:23 GMT
expires: Thu, 26 Oct 2023 19:40:23 GMT
cache-control: public, max-age=31536000
age: 86708
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 16:04:44 GMT
expires: Sat, 21 Oct 2023 16:04:44 GMT
cache-control: public, max-age=31536000
age: 531647
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rosario/v27/xfuz0WDhWW_fOEoY2FbNzybH.woff2
216.58.207.195 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/rosario/v27/xfuz0WDhWW_fOEoY2FbNzybH.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 31356, version 1.0\012- data
Hash cf748e979bb8eb42c9ace95f32913d47
ff44348c4742cb613ddc6881aef7c362d423869a
81c2a8747612a7b5f4181d2309e2f1827af2df2c296f50ac0694a1076eb30605
GET /s/rosario/v27/xfuz0WDhWW_fOEoY2FbNzybH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31356
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 25 Oct 2022 15:51:45 GMT
expires: Wed, 25 Oct 2023 15:51:45 GMT
cache-control: public, max-age=31536000
age: 186826
last-modified: Mon, 18 Jul 2022 19:35:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Oct 2022 14:07:32 GMT
expires: Thu, 26 Oct 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 106679
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 26e60c83d7af169687cbd74f7ca924e0
00f7ceb935fe1cc423f95718a04076e4f5eca150
a041e2901d418b289c3129ce7c07a66e598f6d3ac076732635b0a9ac6fbabb89
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notescreatecashflow.com/wp-content/themes/astra/assets/fonts/astra.woff
162.241.31.17 200 OK 3.3 kB URL HTTP/2 notescreatecashflow.com/wp-content/themes/astra/assets/fonts/astra.woff
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 3304, version 1.0\012- data
Hash bfe0ed8503c926d68f58ed0408dfe0d0
0346d02d96ff7d2a0278bc10f4dfdf365c80eac3
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/astra/assets/fonts/astra.woff HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 10 Sep 2022 13:34:03 GMT
accept-ranges: bytes
content-length: 3304
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: font/woff
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
162.241.31.17 200 OK 78 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
content-length: 78196
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: font/woff2
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.16.0
162.241.31.17 200 OK 93 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.16.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 93372, version 1.0\012- data
Hash aab0bb3379e0eb7ebc26071db61fbd57
711c8d350c4192c2f1aa7f73551445b89fb4b161
691fa7d17effc7d303eda0ad7e4a1d91b2f375506cfc8a774480cc2b55f156ea
GET /wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.16.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
content-length: 93372
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: font/woff2
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
162.241.31.17 409 Conflict 83 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/07/house-3-80x80.png
162.241.31.17 200 OK 2.8 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/07/house-3-80x80.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 80 x 80, 8-bit colormap, non-interlaced\012- data
Hash ed9b52ac17fe00bda67acc60ac122fe4
641bfc4010a5335cd3d542e734280a5735054e38
91e460bf4b1bd6acf27546ea66025bb47c26ec5fa6d854501a57c10c73e7cfd0
GET /wp-content/uploads/2019/07/house-3-80x80.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 28 Jul 2019 15:02:28 GMT
accept-ranges: bytes
content-length: 2812
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
unpkg.com/intl-tel-input@17.0.18/build/css/intlTelInput.min.css
104.16.124.175 200 OK 4.3 kB URL HTTP/2 unpkg.com/intl-tel-input@17.0.18/build/css/intlTelInput.min.css
IP 104.16.124.175:0
File type ASCII text, with very long lines (19157), with no line terminators
Hash a7b5c148d648a6465b5958171d8cddd0
e1d6fd0749a40929ce99fc9d60cd555dc6f84294
e9cde081e00991cafade75f1e1b1622b73f63e9f5b070446760696f7e973b1f4
GET /intl-tel-input@17.0.18/build/css/intlTelInput.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 27 Oct 2022 19:45:31 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"4ad5-/7iiVjPE3eq4HRsXQqwv0LRCpMY"
via: 1.1 fly.io
fly-request-id: 01GAKZEYB03B4H35RFNZ0NVVM9-fra
cf-cache-status: HIT
age: 6224542
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 760deebe5ecfb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/07/contract-80x80.png
162.241.31.17 200 OK 2.1 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/07/contract-80x80.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 80 x 80, 8-bit colormap, non-interlaced\012- data
Hash 565937da7e478843b98b285e5f90ecde
e595d9b90723542714ecf5ac68e7b65878f59f34
a4db6e5ae55d457250b205a193b0388435d193ee866893bb2316626ef35039f1
GET /wp-content/uploads/2019/07/contract-80x80.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 28 Jul 2019 15:01:28 GMT
accept-ranges: bytes
content-length: 2074
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/07/coin-80x80.png
162.241.31.17 200 OK 2.2 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/07/coin-80x80.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 80 x 80, 8-bit colormap, non-interlaced\012- data
Hash d983d906b5b88ed3b623075d4d013956
1bcddd63f0648a4739ec4f65380643d1d2d934d0
19790948f0ea87030e9b81a07616e2f8ce33c69658076be6d80e34d979192f63
GET /wp-content/uploads/2019/07/coin-80x80.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 28 Jul 2019 15:10:20 GMT
accept-ranges: bytes
content-length: 2212
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/08/logo-1030x149.png
162.241.31.17 200 OK 18 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/08/logo-1030x149.png
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1030 x 149, 8-bit/color RGBA, non-interlaced\012- data
Hash ac9a06c48dc620fced6322583427cba1
ec45a84598698de2c92035602187468f5d40734c
c29933930c5cc98137ec5575b64118a3e654daa1801800de21adabad378a88fa
GET /wp-content/uploads/2019/08/logo-1030x149.png HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 01 Aug 2019 15:10:04 GMT
accept-ranges: bytes
content-length: 17926
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 27 Oct 2022 18:41:09 GMT
expires: Thu, 27 Oct 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 3863
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/recaptcha__en.js
142.250.74.163 200 OK 161 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (692)
Size 161 kB (161443 bytes)
Hash f08dc1af68358a3cfc29cc0f7ed68597
bcc7efc80663dd060d7e9e7513994439c0e59a68
01ceb7d3a7706a69ecefbc7863914626ccde29859326c51f98e236bea8242767
GET /recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://notescreatecashflow.com
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 161443
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 22:48:02 GMT
expires: Tue, 24 Oct 2023 22:48:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 24 Oct 2022 04:01:21 GMT
content-type: text/javascript
age: 248250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7e15f96ba912de580b08f61e889b69db
626b970e45117d95088443df7ae71a46a5a4adec
57752c12942ff45f935d29a7b48f367459ced10ae81ff8a6a28f90d9cb9cd978
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6501
Cache-Control: max-age=91637
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:32 GMT
Etag: "6359896c-1d7"
Expires: Fri, 28 Oct 2022 21:12:49 GMT
Last-Modified: Wed, 26 Oct 2022 19:24:28 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
157.240.221.16 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.221.16:0
File type ASCII text, with very long lines (64348)
Hash 84409c129527969831699eb02cd244b9
e1bd7e37698890246e939b31510f3ab3aac605c6
54a130a13a831b71441be9bfbd1b74d8a7433a8e4bb4ab3f5ed9edde6bcd3964
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: rXJjDDUP6mviCTbw0RcKZSQhnESmRDFjkpeZdQpUupAg3eaZjYtv9w4OEtg/v7FYmHI/IMEBfSGhY5ar3O1mbA==
priority: u=3,i
content-length: 27076
x-fb-trip-id: 1679558926
date: Thu, 27 Oct 2022 19:45:32 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7e15f96ba912de580b08f61e889b69db
626b970e45117d95088443df7ae71a46a5a4adec
57752c12942ff45f935d29a7b48f367459ced10ae81ff8a6a28f90d9cb9cd978
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3539
Cache-Control: max-age=88675
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:32 GMT
Etag: "6359896c-1d7"
Expires: Fri, 28 Oct 2022 20:23:27 GMT
Last-Modified: Wed, 26 Oct 2022 19:24:28 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
notescreatecashflow.com/wp-content/uploads/2015/01/cropped-boyd-1-32x32.jpg
162.241.31.17 200 OK 1.1 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2015/01/cropped-boyd-1-32x32.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3\012- data
Hash cc6dbe46980c3340b28e781eb32354c0
6956e612945ddae19a34c9f262ead36b15cadd97
62d4683d6cd92dde7ecdcf9a89f50b0457c09c0f45dd80ce8355724e7e1e35de
GET /wp-content/uploads/2015/01/cropped-boyd-1-32x32.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:04:28 GMT
accept-ranges: bytes
content-length: 1058
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2015/01/cropped-boyd-1-192x192.jpg
162.241.31.17 200 OK 7.1 kB URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2015/01/cropped-boyd-1-192x192.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3\012- data
Hash 2a4336e28203ee40f5b9fde7076ea510
446d3e4f40125d5590dc0c0f88b1b748a226d5cd
44cb3a0c37bb9feed3977352944935b38ecd5bb978ec7ca3895fdc6c3b100f6d
GET /wp-content/uploads/2015/01/cropped-boyd-1-192x192.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:04:25 GMT
accept-ranges: bytes
content-length: 7134
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:32 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/mailoptin/src/core/src/assets/js/mailoptin.min.js?ver=1.2.52.0
162.241.31.17 200 OK 40 kB URL HTTP/2 notescreatecashflow.com/wp-content/plugins/mailoptin/src/core/src/assets/js/mailoptin.min.js?ver=1.2.52.0
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (31986)
Hash f9ef9b290bda3803cca305b3fc2615d2
c05784e772165505523a626100c654613c297702
75a6857f27c3ed5a379ba8e9f9ece207564bf904cbf35d2b1a68c2a23e2c7409
GET /wp-content/plugins/mailoptin/src/core/src/assets/js/mailoptin.min.js?ver=1.2.52.0 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:25:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 00581ae7687cd8dc0db5c5009521559a
5455923f358ef76cc9d39abe7c443cae76a509b8
f44816c3db1c6a6bed46a9776c8627671dc2c1be1b8badf0facf1ca6b2770bb1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5886
Cache-Control: max-age=122338
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:33 GMT
Etag: "635a03c1-139"
Expires: Sat, 29 Oct 2022 05:44:31 GMT
Last-Modified: Thu, 27 Oct 2022 04:06:25 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 26e60c83d7af169687cbd74f7ca924e0
00f7ceb935fe1cc423f95718a04076e4f5eca150
a041e2901d418b289c3129ce7c07a66e598f6d3ac076732635b0a9ac6fbabb89
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=2363955010536975&ev=PageView&dl=https%3A%2F%2Fnotescreatecashflow.com%2F&rl=&if=false&ts=1666899931908&sw=1280&sh=1024&v=2.9.88&r=stable&a=wordpress-5.5.11-3.0.7&ec=0&o=28&fbp=fb.1.1666899931908.1746657939&it=1666899931588&coo=false&rqm=GET
157.240.221.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2363955010536975&ev=PageView&dl=https%3A%2F%2Fnotescreatecashflow.com%2F&rl=&if=false&ts=1666899931908&sw=1280&sh=1024&v=2.9.88&r=stable&a=wordpress-5.5.11-3.0.7&ec=0&o=28&fbp=fb.1.1666899931908.1746657939&it=1666899931588&coo=false&rqm=GET
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2363955010536975&ev=PageView&dl=https%3A%2F%2Fnotescreatecashflow.com%2F&rl=&if=false&ts=1666899931908&sw=1280&sh=1024&v=2.9.88&r=stable&a=wordpress-5.5.11-3.0.7&ec=0&o=28&fbp=fb.1.1666899931908.1746657939&it=1666899931588&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 27 Oct 2022 19:45:33 GMT
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=a81a37ab2d368fb5cf5d8a66f5c14f55a20d8eab
104.244.42.200 200 OK 355 B URL HTTP/2 syndication.twitter.com/settings?session_id=a81a37ab2d368fb5cf5d8a66f5c14f55a20d8eab
IP 104.244.42.200:0
File type JSON data\012- , ASCII text, with very long lines (851), with no line terminators
Hash 7cac009f8121486bc6c44991cf606190
ddae6074c908031f09b586d38a022e0e4add23b5
7825444c58d1293285c059256fb6e04dcd4bf7dff5a6a65972f65d55286b1e89
GET /settings?session_id=a81a37ab2d368fb5cf5d8a66f5c14f55a20d8eab HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 27 Oct 2022 19:45:32 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Thu, 27 Oct 2022 19:45:33 GMT
content-length: 355
content-encoding: gzip
x-transaction-id: 1a46dbfd1df2956f
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 104
x-connection-hash: f7d13fc07dad07812edba16076f9e2dddff7769982ddfc43c7f816ccf51c52fc
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 12:31:58 GMT
expires: Sun, 22 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 458015
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-admin/admin-ajax.php
162.241.31.17 200 OK 110 B URL HTTP/2 notescreatecashflow.com/wp-admin/admin-ajax.php
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JSON data\012- , ASCII text, with no line terminators
Hash 12e3067a29d27cb6abb14610d06dce0b
5db179a0f7114880a0bb8151ac33c16bc88075cf
03d123758a0f3ee6afaead4b4bd195aa3cc4f2a623f692d8cd3b8e8f4b8206df
Analyzer Verdict Alert fortinet Phishing
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://notescreatecashflow.com/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Origin: https://notescreatecashflow.com
Content-Length: 74
Connection: keep-alive
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.1.32853396.1666899930
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://notescreatecashflow.com
access-control-allow-credentials: true
x-robots-tag: noindex
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: shield-notbot-nonce=018d639258; expires=Thu, 27-Oct-2022 19:45:47 GMT; Max-Age=15; path=/; secure
set-cookie: slidedeck-flash-message-flash=1; expires=Wed, 27-Oct-2021 19:45:33 GMT; Max-Age=0; path=/
set-cookie: slidedeck-flash-message-flash_error=1; expires=Wed, 27-Oct-2021 19:45:33 GMT; Max-Age=0; path=/
set-cookie: icwp-wpsf-notbot=1666900232z8caf28ff9047ed0b0cafe4cc9a95efd3150e2c5a; expires=Thu, 27-Oct-2022 19:50:32 GMT; Max-Age=299; path=/; secure
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 110
content-type: application/json; charset=UTF-8
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 00:48:31 GMT
expires: Sat, 21 Oct 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 586623
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 7d4b826b3cd4f4fffd35abd60c407bdb
28e5a20b197bf6972fd097c3b302c1dd89b68f09
681fd035abbbf788f315fea7402f5e0d77b51f6167e237ff7516335911499b21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 6dbacbd0a939540742f8ac82346c5dcd
8a00a49fc1575f2036891927b1e7776ba432e5aa
0b15105845eb7830b13540f94bc1425517b51597c76b5e10b1f4abc5575ac466
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Oct 2022 19:43:39 GMT
expires: Thu, 27 Oct 2022 19:58:39 GMT
cache-control: public, max-age=900
age: 116
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.66 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.66:0
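Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of empty input, matching the 0 B body of this redirect; they identify no content.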
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Thu, 27 Oct 2022 19:45:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.170 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.170:0
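Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of empty input, matching the 0 B body of this preflight (OPTIONS) response; they identify no content.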
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 27 Oct 2022 19:45:35 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 6dbacbd0a939540742f8ac82346c5dcd
8a00a49fc1575f2036891927b1e7776ba432e5aa
0b15105845eb7830b13540f94bc1425517b51597c76b5e10b1f4abc5575ac466
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.170 200 OK 30 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.170:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 730b4194ff5a1790702ead37e45c2940
dece90ade59ab697a50d949986d0f81574cb310d
984bbb850841fa5329a9789b4316045c9299ae0db3ccd734d47a7a6e2139ce5c
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 27 Oct 2022 19:45:35 GMT
server: ESF
cache-control: private
content-length: 30470
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 7d4b826b3cd4f4fffd35abd60c407bdb
28e5a20b197bf6972fd097c3b302c1dd89b68f09
681fd035abbbf788f315fea7402f5e0d77b51f6167e237ff7516335911499b21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d72765bf757c452c379ac5227cb2f26e
42ae86d1dafebdc240872bc147cf5bac1132a5a8
467a95869b7d64abef4237f35456f7800f6709b944987f8ff53606877ae13246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 548adf48ccc53ecd7c0ac1dfb27d13a3
6271706fe6ef27e23ca62a3e02782731a1d52295
fdabb8de87f72c6f3262946250085f022ace8db0339ad9bfb413c6659f8ae493
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/xEBpxSEV5kc/maxresdefault.webp
216.58.207.214 200 OK 472 B URL HTTP/2 i.ytimg.com/vi_webp/xEBpxSEV5kc/maxresdefault.webp
IP 216.58.207.214:0
Hash 3b0b183412b32e34b29b1d01cc62cb03
975ef6d5d7e840ec7f5a2078bf67a6c66565120f
2248a8927a9b3b5d04841481b64dd52eb4d7df2713746120f21664a5eb596386
GET /vi_webp/xEBpxSEV5kc/maxresdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 61988
date: Thu, 27 Oct 2022 19:45:35 GMT
expires: Thu, 27 Oct 2022 21:45:35 GMT
cache-control: public, max-age=7200
etag: "1595363403"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.170 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.170:0
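Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of empty input, matching the 0 B body of this preflight (OPTIONS) response; they identify no content.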
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 27 Oct 2022 19:45:35 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.170 200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.170:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7c68442385b8cdd6dd476105453912f5
b63258b618313218c0abe4971e74922a52f0be80
009c58147e7804e1fa1edfe86f5f14f4851f255e4c122f5eaedda1078a11428b
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 940
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 27 Oct 2022 19:45:35 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AMLnZu9crABjjHghgbNroYguMCBmJ9eLjw4cu4om09NG=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 2.2 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu9crABjjHghgbNroYguMCBmJ9eLjw4cu4om09NG=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 184982b0831747a6b5ac98b30bca09bc
7ba71e8912969b6e5507e988f16392b026c41b55
1c6a58f136222fe469dee04a85ebced69e87c5fa5164f053092e8beec20f42f1
GET /ytc/AMLnZu9crABjjHghgbNroYguMCBmJ9eLjw4cu4om09NG=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 2227
x-xss-protection: 0
date: Thu, 27 Oct 2022 19:45:35 GMT
expires: Fri, 28 Oct 2022 19:45:35 GMT
cache-control: public, max-age=86400, no-transform
etag: "v18"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 7a75209bdf9cfeaca312b699eb99dba2
547c6d0925d67ab57503b82b9f46c6721ba2a9ff
64368604cdd39c713f82951ac48d32408fc07d46eefcd16640541ab3005c53e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:45:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/js/bdt-uikit.min.js?ver=3.13.1
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/js/bdt-uikit.min.js?ver=3.13.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/bdthemes-element-pack-lite/assets/js/bdt-uikit.min.js?ver=3.13.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/css/bdt-uikit.css?ver=3.13.1
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/bdthemes-element-pack-lite/assets/css/bdt-uikit.css?ver=3.13.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/bdthemes-element-pack-lite/assets/css/bdt-uikit.css?ver=3.13.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/plugins/enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Dec 2020 16:32:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
boydmcclean.activehosted.com/f/embed.php?id=32
104.17.91.109 200 OK 0 B URL HTTP/2 boydmcclean.activehosted.com/f/embed.php?id=32
IP 104.17.91.109:0
GET /f/embed.php?id=32 HTTP/1.1
Host: boydmcclean.activehosted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 27 Oct 2022 19:45:31 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 27 Oct 2022 23:45:31 GMT
cache-control: public, max-age=14400
pragma: no-cache
x-request-id: 45d8f199548c375c39f325295bd8bdca
last-modified: Thu, 27 Oct 2022 19:45:31 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 760deeb7dc2ab51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.8
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 16899
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fnotescreatecashflow.com
93.184.220.66 200 OK 0 B URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fnotescreatecashflow.com
IP 93.184.220.66:0
GET /widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fnotescreatecashflow.com HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 637296
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 27 Oct 2022 19:45:32 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 28 Sep 2022 20:04:27 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F704)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
www.youtube.com/iframe_api
216.58.207.238 200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 216.58.207.238:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 27 Oct 2022 19:45:33 GMT
date: Thu, 27 Oct 2022 19:45:33 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=j9--71hTyeQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=6FJblyV4d0Q; Domain=.youtube.com; Expires=Tue, 25-Apr-2023 19:45:33 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+102; expires=Sat, 26-Oct-2024 19:45:33 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 22 Sep 2020 19:38:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/01/living-area-with-logo-768x512.jpg
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/01/living-area-with-logo-768x512.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/uploads/2019/01/living-area-with-logo-768x512.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:05:30 GMT
accept-ranges: bytes
content-length: 187640
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Feb 2021 12:48:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
boydmcclean.activehosted.com/f/embed.php?id=24
104.17.91.109 200 OK 0 B URL HTTP/2 boydmcclean.activehosted.com/f/embed.php?id=24
IP 104.17.91.109:0
GET /f/embed.php?id=24 HTTP/1.1
Host: boydmcclean.activehosted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 27 Oct 2022 19:45:31 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 27 Oct 2022 23:45:31 GMT
cache-control: public, max-age=14400
pragma: no-cache
x-request-id: fdcc54d9e1da2469952cf24c3c96ff9c
last-modified: Thu, 27 Oct 2022 19:45:31 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 760deeb82c84b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258; _ga_14Z70HW72P=GS1.1.1666899929.1.0.1666899929.0.0.0; _ga=GA1.2.32853396.1666899930; _gid=GA1.2.1106405626.1666899932; _gat_gtag_UA_111717911_1=1; _fbp=fb.1.1666899931908.1746657939; icwp-wpsf-notbot=1666900232z8caf28ff9047ed0b0cafe4cc9a95efd3150e2c5a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 06 Aug 2022 14:26:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:33 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.8
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.8
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.8 HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 15 Oct 2022 13:24:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/css
date: Thu, 27 Oct 2022 19:45:30 GMT
server: Apache
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-includes/js/wp-embed.min.js?ver=a586a679a2451aaacd9b80b5255bd36c
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-includes/js/wp-embed.min.js?ver=a586a679a2451aaacd9b80b5255bd36c
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-embed.min.js?ver=a586a679a2451aaacd9b80b5255bd36c HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Apr 2021 11:16:18 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 777
content-type: application/javascript
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2
boydmcclean.activehosted.com/f/embed.php?static=0&id=32&635ADFD2098DC&nostyles=0&preview=0
104.17.91.109 200 OK 0 B URL HTTP/2 boydmcclean.activehosted.com/f/embed.php?static=0&id=32&635ADFD2098DC&nostyles=0&preview=0
IP 104.17.91.109:0
GET /f/embed.php?static=0&id=32&635ADFD2098DC&nostyles=0&preview=0 HTTP/1.1
Host: boydmcclean.activehosted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 27 Oct 2022 19:45:31 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 27 Oct 2022 23:45:31 GMT
cache-control: public, max-age=14400
pragma: no-cache
x-request-id: d23beee5f94146a3eee51a988914ce2d
last-modified: Thu, 27 Oct 2022 19:45:31 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 760deeb82c86b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
notescreatecashflow.com/wp-content/uploads/2019/01/kitchen-to-living-with-logo-768x511.jpg
162.241.31.17 200 OK 0 B URL HTTP/2 notescreatecashflow.com/wp-content/uploads/2019/01/kitchen-to-living-with-logo-768x511.jpg
IP 162.241.31.17:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/uploads/2019/01/kitchen-to-living-with-logo-768x511.jpg HTTP/1.1
Host: notescreatecashflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notescreatecashflow.com/
Cookie: shield-notbot-nonce=018d639258
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Jul 2019 14:05:21 GMT
accept-ranges: bytes
content-length: 193379
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Thu, 27 Oct 2022 19:45:31 GMT
server: Apache
X-Firefox-Spdy: h2