r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5547
Expires: Thu, 01 Dec 2022 12:51:33 GMT
Date: Thu, 01 Dec 2022 11:19:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5833
Cache-Control: max-age=89366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:06 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 12:08:32 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 11:18:08 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 58
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8524
Expires: Thu, 01 Dec 2022 13:41:10 GMT
Date: Thu, 01 Dec 2022 11:19:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MXHphdZr1wZesIouifnn8sLCublQDuHaJU0vt79qro9J+mXN8G/pGN5sGeXrLt6XihRr0SSDV3M=
x-amz-request-id: XTXRBPFZ4F8BYQ13
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 10:46:14 GMT
age: 1972
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul@5twealth.com
104.16.12.194301 Moved Permanently 535 B URL HTTP/1.1 incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul@5twealth.com
IP 104.16.12.194:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (520)
Hash 6c3c6d7591f07b5bd96e7810745b38c7
7b34d5b850fb37d8a3a0f9112daadced7e146cde
09d75e8292c20dda41e1cd9e48318281caf4ab9587070d858cd076497a8e765f
GET /spm-conf1?ocxf_reportspamlnk=yes&email=paul@5twealth.com HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Dec 2022 11:19:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
CF-Ray: 772b6d07ab160afa-OSL
Access-Control-Allow-Origin: *
Cache-Control: max-age=60, public, s-maxage=600, r-maxage=10
Last-Modified: Tue, 24 Aug 2021 19:35:26 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Status: 301 Moved Permanently
X-Content-Digest: da96389203dc7b05f6c85e881f5d58acef5989ba
X-Frame-Options: ALLOWALL
X-Powered-By: Phusion Passenger Enterprise 6.0.7
X-Rack-Cache: stale, valid, store
X-Request-Id: 4cbbe6cc2149524407dff3afcf8935ad
X-Runtime: 0.092916
Set-Cookie: __cf_bm=EflqXIbHif3gZcv_Al56BrpUT6xoFgcNdT.MCmrTJ1g-1669893546-0-ARLbnIFCHlp2c+W/YK9i4VnpZirhpfwFUYmzqZ5ZDK2MEOMeHy7qGTyR8wW1AEPZRNscuA4Z8giE99FafB0VWY19taxn9kXg1PvzIwuo9h+F; path=/; expires=Thu, 01-Dec-22 11:49:06 GMT; domain=.incomealert.email; HttpOnly; SameSite=None
Server: cloudflare
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:19:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ebc0329df6ccb912d8e60c75d2d1260c
ce60c4336ef3519502b9c73d45a767fc768b2702
f7b2567208d4a3d6a1be7f43b6311aa433dfa1b13f955c0528b6fc15fd088c6b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:06 GMT
Server: ECS (amb/6BA9)
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 11:08:56 GMT
cache-control: public,max-age=3600
age: 610
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 6f61cc02f95fd43414e8e55d0f895009
7c9e8167baa97528d2c11d21d28d03d3ee7c8740
c09bdf89d23c11a303dd65729606edb13817a3d077a008891d16fe4535c7cb4c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4534
Cache-Control: max-age=89105
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Etag: "63873506-118"
Expires: Fri, 02 Dec 2022 12:04:12 GMT
Last-Modified: Wed, 30 Nov 2022 10:48:38 GMT
Server: ECS (amb/6BA9)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 807b5e46dc50c29000263e4c50b3bef6
92f30964e142b0b5fd97624b63504c297489109e
eaf82c63aa1b16f21a3b0dbb3edcd20b490bba063a25a63a1b850c6b9ece9db2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5776
Cache-Control: max-age=161990
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Etag: "63884ce1-117"
Expires: Sat, 03 Dec 2022 08:18:57 GMT
Last-Modified: Thu, 01 Dec 2022 06:42:41 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
incomealert.email/assets/userevents/application.js
104.16.12.194200 OK 2.1 kB URL HTTP/2 incomealert.email/assets/userevents/application.js
IP 104.16.12.194:0
File type ASCII text, with very long lines (5244), with no line terminators
Hash 861abccb35d247a8e388112bc25fb851
25024c2cb64ca71f979d12d84f7e26efb9415c35
064d8623fbe4d41b6d001932842aef8b72b4fa04a156149452518a3eac6d19d5
Analyzer Verdict Alert fortinet Phishing
GET /assets/userevents/application.js HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: application/x-javascript
cf-ray: 772b6d0d09e5fab8-OSL
access-control-allow-origin: *
age: 3
cache-control: public, max-age=1200
etag: W/"637bf173-147c"
expires: Thu, 01 Dec 2022 11:39:07 GMT
last-modified: Mon, 21 Nov 2022 21:45:23 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 82636550758e8604b4162568f2b413af
82555ec2c38ac3939b5fff3aa242a3d34ea7988b
f53c6bbc1d16c790805894ca6437c2ef11c8990bb95f2be2a6b7a0062cad9376
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5722
Cache-Control: max-age=94990
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Etag: "6387475f-117"
Expires: Fri, 02 Dec 2022 13:42:17 GMT
Last-Modified: Wed, 30 Nov 2022 12:06:55 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5874
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Last-Modified: Thu, 01 Dec 2022 09:41:13 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
assets.clickfunnels.com/images/closemodal.png
104.16.12.194200 OK 672 B URL HTTP/2 assets.clickfunnels.com/images/closemodal.png
IP 104.16.12.194:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 19754ed4d508cf576c80cf36e0db8c50
f459beac714e5be68aa75349fa806a5642af456a
5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389
GET /images/closemodal.png HTTP/1.1
Host: assets.clickfunnels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: image/webp
content-length: 672
cf-ray: 772b6d0d7b78b50c-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 1276731
cache-control: public, max-age=2678400
content-disposition: inline; filename="closemodal.webp"
etag: "6359dae3-314"
expires: Sun, 01 Jan 2023 11:19:07 GMT
last-modified: Thu, 27 Oct 2022 01:12:03 GMT
strict-transport-security: max-age=0
vary: Accept, Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=788
set-cookie: __cf_bm=kDS0FZGAAuJafuNYwctgiEYVu.VEuOGq52vE.q.eHnw-1669893547-0-AW37NpQbw7xLWAMJf0byrr4cffatlP09QQSeVrU0JLXW5VEfIqpaW8hxEzwLdCmsVBYzvmDMS6qu4p0itaox0OKEF6mqrGCWBvKkKB/R3UsV; path=/; expires=Thu, 01-Dec-22 11:49:07 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 82636550758e8604b4162568f2b413af
82555ec2c38ac3939b5fff3aa242a3d34ea7988b
f53c6bbc1d16c790805894ca6437c2ef11c8990bb95f2be2a6b7a0062cad9376
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5722
Cache-Control: max-age=94990
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Etag: "6387475f-117"
Expires: Fri, 02 Dec 2022 13:42:17 GMT
Last-Modified: Wed, 30 Nov 2022 12:06:55 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://incomealert.email
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 231986
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.218.164.174101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.164.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8LlDHHX7XI/loBUS+7bGNw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X3Z9c44QNDUzDTlf3xIcDeQHqsc=
incomealert.email/vendor.js
104.16.12.194200 OK 6.2 kB URL HTTP/2 incomealert.email/vendor.js
IP 104.16.12.194:0
Hash 9bec91499b05b6a5f293de8effb4a0a6
c0a76b55363dacc2bd33e1c92496507f5fff0a76
aafefaff3fc0bc03725c5b045e7c998b5cd0eb18c77740567f24bc8a1fbc60f0
Analyzer Verdict Alert fortinet Phishing
GET /vendor.js HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: application/javascript
cf-ray: 772b6d10fc9cfab8-OSL
access-control-allow-origin: *
age: 13
cache-control: max-age=900, public
etag: W/"7422e50efbaea439fda7ef3b0eb54ee1"
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: 581e49c9b7bdd06dab54c00931f4256b223e620e
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: fresh
x-request-id: f9650624c3d32ee2684194df6d8ccb06
x-runtime: 0.021841
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ioadserve.com/siteAds.js?_=1669893546317
34.197.163.17200 OK 1.1 kB URL HTTP/1.1 ioadserve.com/siteAds.js?_=1669893546317
IP 34.197.163.17:0
Hash 6733f28f2d0dd08db3bc0e0d046b1b8b
c7a4234dc0b5de2f64ba6f0e5eb8a8c729b2ba4c
4541ea998f96ca8b30aff5e46506a876dbefadd52a2d3535ea0ab6366efe66e8
GET /siteAds.js?_=1669893546317 HTTP/1.1
Host: ioadserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 11:19:08 GMT
Server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
Last-Modified: Tue, 14 May 2019 13:50:02 GMT
ETag: "461-588d94f409f14"
Accept-Ranges: bytes
Content-Length: 1121
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript
incomealert.email/hosted/images/90/8ecc260e3d4dfeb8dba2099311a632/sin.png
104.16.12.194200 OK 799 B URL HTTP/2 incomealert.email/hosted/images/90/8ecc260e3d4dfeb8dba2099311a632/sin.png
IP 104.16.12.194:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 9d2361792133d7cd165e09d4bfd07d32
d5845b64f15db94c0770580191a507fce96ac172
1a1fc528613f23604cb60d7448c203b03f2f2bf31d5caed62b434f802e25f494
GET /hosted/images/90/8ecc260e3d4dfeb8dba2099311a632/sin.png HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NDg1MzIxMTM=:visited=true; cf:visitor_id=7b2ce11c-19f9-44d5-8414-c626b1c5e6e4; ocxf_reportspamlnk=yes; email=paul@5twealth.com; addevent_track_cookie=37be741a-70dc-48bd-0d75-9ed62f2381df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:08 GMT
content-type: image/png
content-length: 799
cf-ray: 772b6d140e83fab8-OSL
accept-ranges: bytes
age: 14
cache-control: max-age=31536000
etag: "045887d26a89d70ce9acc22c67009f5f"
last-modified: Tue, 04 Feb 2020 00:36:06 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=950
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 608383d745de1f1248e53e77421af476
43dc9448671c82709c4049a486e7aefe1780d918
1a43d32a4e0522b32d340c3aa144aee34c970a28b65c04fe69169c4e19211f6b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=108710
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:19:08 GMT
Etag: "63879352-1d7"
Expires: Fri, 02 Dec 2022 17:30:58 GMT
Last-Modified: Wed, 30 Nov 2022 17:30:58 GMT
Server: nginx
Content-Length: 471
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
172.217.21.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 172.217.21.170:0
File type ASCII text, with very long lines (32180)
Hash f16500423cc2867eff8b773df637c48f
1cd32d75b59a89c3a70274e383151a61ce0594f4
6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://intof.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 21:09:12 GMT
expires: Wed, 29 Nov 2023 21:09:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 137396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
intof.io/frame/15e41e8d25f11b?email=paul@5twealth.com&tag=1&showtitle=1&success=
54.156.254.128200 OK 13 kB URL HTTP/1.1 intof.io/frame/15e41e8d25f11b?email=paul@5twealth.com&tag=1&showtitle=1&success=
IP 54.156.254.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (547), with CRLF, LF line terminators
Hash 5f2e74edeebb68fe256f530d079aef7e
f84b6e42f9908e785c0f187dadd2698ccbf52617
527b4cfc30381ceabdfa449620ae6457f81670c4a809ba3362f3871e7e748431
GET /frame/15e41e8d25f11b?email=paul@5twealth.com&tag=1&showtitle=1&success= HTTP/1.1
Host: intof.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 11:19:08 GMT
Server: Apache/2.4.27 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.25
X-Powered-By: PHP/7.0.25
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8011
Expires: Thu, 01 Dec 2022 13:32:39 GMT
Date: Thu, 01 Dec 2022 11:19:08 GMT
Connection: keep-alive
ioadserve.com/siteAds/io_5f3d45a63b988/983/728/90/incomealert.email?462
34.197.163.17200 OK 1.5 kB URL HTTP/1.1 ioadserve.com/siteAds/io_5f3d45a63b988/983/728/90/incomealert.email?462
IP 34.197.163.17:0
Hash f75ad1a3618b13a998e7e61c379f40c6
f3a27ccbd564148a43967808fc3cd188e22efacb
027c245766e1b978111b8ff2c5c5c79de3b7ec1e98569c213073fa9d5ba5be28
GET /siteAds/io_5f3d45a63b988/983/728/90/incomealert.email?462 HTTP/1.1
Host: ioadserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 11:19:08 GMT
Server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 1535
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CJiSRzIK7-rQE81gaP2We0LhgKX1YmuJKEGYEqW34Bm1KMx6NB8yhQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:29:19 GMT
age: 24589
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gsn5uUFEzDZDOMPTvW9UQxtccvRfJKUM4eJ8U99jvUGzNIKkF9SzeA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:20 GMT
age: 48588
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: eef7d417-c6ca-4e3f-ac00-1425f3d5c4a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0TSGHDIAMF_jA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdae-467c79a805dfb5622687f628;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: haFJ2LZecbT4HRbkvcaZxR4SAIx5cGxNyghKiDOJVX6xDkPwzc2wNQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:34 GMT
age: 48814
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 13:21:34 GMT
age: 79054
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:44:47 GMT
age: 48861
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 48815
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash af41dae27752cbbc3eb865d91eaefd74
c05229192f57027820b79a86e49ec2759a429420
20926bc3b9603a587025c194708e42bf56296ffd7b15aa34ab4d1394abccee27
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 01 Dec 2022 11:19:08 GMT
Last-Modified: Thu, 01 Dec 2022 09:40:53 GMT
Server: ECS (nyb/1D25)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RbNA9_eO1rTKlW6sJpLia7FEvRRP1n1gFeuMc3vIWbMTCCt09NRX7g==
Age: 5895
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash af41dae27752cbbc3eb865d91eaefd74
c05229192f57027820b79a86e49ec2759a429420
20926bc3b9603a587025c194708e42bf56296ffd7b15aa34ab4d1394abccee27
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96280
Date: Thu, 01 Dec 2022 11:19:08 GMT
Etag: "63874bbf-1d7"
Expires: Fri, 02 Dec 2022 14:03:48 GMT
Last-Modified: Wed, 30 Nov 2022 12:25:35 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x6spKmMN8FczLwfcqZKEhyckeyeNwPX3BTebHlPp-eaW5V8o4ieyVg==
Age: 5893
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash af41dae27752cbbc3eb865d91eaefd74
c05229192f57027820b79a86e49ec2759a429420
20926bc3b9603a587025c194708e42bf56296ffd7b15aa34ab4d1394abccee27
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96281
Date: Thu, 01 Dec 2022 11:19:08 GMT
Etag: "63874bbf-1d7"
Expires: Fri, 02 Dec 2022 14:03:49 GMT
Last-Modified: Wed, 30 Nov 2022 12:25:35 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: etRX3r_VauZ5ieqEVccyqZEm-7kEJXKW37bJDvD7_jvhuhSuAPKxYA==
Age: 5894
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash af41dae27752cbbc3eb865d91eaefd74
c05229192f57027820b79a86e49ec2759a429420
20926bc3b9603a587025c194708e42bf56296ffd7b15aa34ab4d1394abccee27
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96282
Date: Thu, 01 Dec 2022 11:19:08 GMT
Etag: "63874bbf-1d7"
Expires: Fri, 02 Dec 2022 14:03:50 GMT
Last-Modified: Wed, 30 Nov 2022 12:25:35 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PDwylaJjG0yeY9rALtipYIHuPDb4x312cQsgFf9l-bPMQe4RK2FK5w==
Age: 5895
s3.amazonaws.com/iosite/dispi.png
52.216.239.157200 OK 3.2 kB URL HTTP/1.1 s3.amazonaws.com/iosite/dispi.png
IP 52.216.239.157:0
File type PNG image data, 100 x 101, 8-bit/color RGBA, non-interlaced\012- data
Hash d410dc13c97e66d42899f0b4755b9865
661f71825d64b4a1486130855f7c7a21fc2a2be1
47a6e9b0fb444a85b41a730599660ec159b2fd77d4315eb82b346ba8541a27c6
GET /iosite/dispi.png HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: s7kRXzs34uUoU6q5KzGA1zpmw/LhZ8+NoF09lgL4g7R4YH2FPaCsCxbDNclWae0YlBaUeE9SriU=
x-amz-request-id: MQ6X9CFH65YD5JKG
Date: Thu, 01 Dec 2022 11:19:10 GMT
Last-Modified: Mon, 22 Apr 2019 10:04:50 GMT
ETag: "d410dc13c97e66d42899f0b4755b9865"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 3171
s3.amazonaws.com/iores/1637e8516152b4
52.216.239.157200 OK 167 kB URL HTTP/1.1 s3.amazonaws.com/iores/1637e8516152b4
IP 52.216.239.157:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 800x600, components 3\012- data
Size 167 kB (166813 bytes)
Hash 253519a014a820255b7946d9ca4dbf92
828b99d0385ad5604b738f28982132e42b9659c1
b6629bac06066636476546ff6afa08a89feeabfe787732b92da55bd50e70f820
GET /iores/1637e8516152b4 HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://intof.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: eEK1ID6z637uM9ILBz/zjgJT5CtWcYUXlfNNcMd48CnrO4IKe1zDKrEVhVGyxHeAvf0YULr80Tg=
x-amz-request-id: 6N8JWGNYNEFZFMBQ
Date: Thu, 01 Dec 2022 11:19:09 GMT
Last-Modified: Wed, 23 Nov 2022 20:39:51 GMT
ETag: "253519a014a820255b7946d9ca4dbf92"
x-amz-meta-user: 279
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 166813
s3.amazonaws.com/iores/1637bc5dab3435
52.216.239.157200 OK 36 kB URL HTTP/1.1 s3.amazonaws.com/iores/1637bc5dab3435
IP 52.216.239.157:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash ce68a77a86e473cbba2290d83fd3c637
0c964cb86458f290fafadba2b484e017eeb1f443
fa87cfe4c10b3c5db978cacc485b6638abfa76f351da7e418b2a1fa3d75fc0a1
GET /iores/1637bc5dab3435 HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Q831EdUlDtXBuNCq23GYRKECHhKum89cECHzmUik+qde5l4iMvUuDlJRDLIt9RmaFdIqLx7HjEQ=
x-amz-request-id: MQ6JCEPT9JVCT6A7
Date: Thu, 01 Dec 2022 11:19:10 GMT
Last-Modified: Mon, 21 Nov 2022 18:39:23 GMT
ETag: "ce68a77a86e473cbba2290d83fd3c637"
x-amz-meta-user: 260
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 35541
s3.amazonaws.com/iores/16165a8d9cf267
52.216.239.157200 OK 351 kB URL HTTP/1.1 s3.amazonaws.com/iores/16165a8d9cf267
IP 52.216.239.157:0
File type PNG image data, 800 x 600, 8-bit/color RGB, non-interlaced\012- data
Size 351 kB (351372 bytes)
Hash ea7ad2acec513badb3091560573f3430
59e682827cda081d3e23f452178322f4c6cae970
ffffd7c5d390af5d2be02bbf5921b236af75b50ad34bc1ef7e2d42f8f9c30209
GET /iores/16165a8d9cf267 HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://intof.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: RpBw2rcqc9PSLTEB+CGWPs939WhvA6JW40J/ZYoMPmmkDXGbXYbkNo0u73UCyDcJUHioKrljyz8=
x-amz-request-id: 6N8S8XE7DBNJR2H7
Date: Thu, 01 Dec 2022 11:19:09 GMT
Last-Modified: Tue, 12 Oct 2021 15:25:14 GMT
ETag: "ea7ad2acec513badb3091560573f3430"
x-amz-meta-user: 188
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 351372
s3.amazonaws.com/iores/1608192f7e098b
52.216.239.157200 OK 456 kB URL HTTP/1.1 s3.amazonaws.com/iores/1608192f7e098b
IP 52.216.239.157:0
File type PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\012- data
Size 456 kB (455672 bytes)
Hash c08948b7391c8ee2b8f1af5fef3c0bce
31d82a9f897466d658715d65de985deba8efd749
a3ce35e3ab34aab70096f71139aa23f85d05a17aef04251dc4e0a62356bef1d0
GET /iores/1608192f7e098b HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://intof.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: BqOcp3VZxXWRCtHKpoufDdPHPD9OT8lKfbMCtOozz5LMcG0ObaEhAgY3SS9wfVGR3Hsy0TlpU/g=
x-amz-request-id: 6N8X1VTA20GSMS54
Date: Thu, 01 Dec 2022 11:19:09 GMT
Last-Modified: Thu, 22 Apr 2021 15:15:05 GMT
ETag: "c08948b7391c8ee2b8f1af5fef3c0bce"
x-amz-meta-user: 90
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 455672
s3.amazonaws.com/iores/1635fe892268d2
52.216.239.157200 OK 4.0 MB URL HTTP/1.1 s3.amazonaws.com/iores/1635fe892268d2
IP 52.216.239.157:0
File type PNG image data, 2068 x 1152, 8-bit/color RGBA, non-interlaced\012- data
Size 4.0 MB (4015307 bytes)
Hash d788eecf3c7ecab1c03db6d37f54dd32
3df1b86eaea42bac5cc0a8eca2e64a8b316265e2
94432e7728e33ba6236ce9d295807ba0d7307a3e72fb5c91f1f4b1b1f80b61e8
GET /iores/1635fe892268d2 HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://intof.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: DSk8exeleRTaL2w3fhwm0OWlXAbTXceY9dq03UUUxBsIt2pMBWtdUkBFj28AxGJxYVBGcViCskk=
x-amz-request-id: 6N8R7BRE7RW98VN6
Date: Thu, 01 Dec 2022 11:19:09 GMT
Last-Modified: Mon, 31 Oct 2022 15:24:03 GMT
ETag: "d788eecf3c7ecab1c03db6d37f54dd32"
x-amz-meta-user: 1948
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 4015307
js-agent.newrelic.com/552.2d6a2503-1220.js
151.101.194.137200 OK 5.9 kB URL HTTP/2 js-agent.newrelic.com/552.2d6a2503-1220.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (21423)
Hash 097ef34c5f5d635a147bca3721bd605b
3b31ef3cfb1d62d9884d631ec2467b9d6b0d46e2
3e05d4e42c1e87b516b525574b20d2570dccc50d1bd1b2956d6421699aa19914
GET /552.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PnZFPtaQ6Oa8SvsR598yLCynwQMleyjLyE8+/6kXxv1ZfRit6gnSEEKUHnQ2vqYi8syHn+Nxcq4=
x-amz-request-id: XM6WHM0J4M8X38WQ
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
etag: "777ac0df4dba632ad1b2955c88dd51ac"
x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 11:19:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 2039
x-timer: S1669893550.195878,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5890
X-Firefox-Spdy: h2
incomealert.email/cdn-cgi/rum?
104.16.12.194204 No Content 0 B URL HTTP/2 incomealert.email/cdn-cgi/rum?
IP 104.16.12.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 9984
Origin: https://incomealert.email
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NDg1MzIxMTM=:visited=true; cf:visitor_id=7b2ce11c-19f9-44d5-8414-c626b1c5e6e4; ocxf_reportspamlnk=yes; email=paul@5twealth.com; addevent_track_cookie=37be741a-70dc-48bd-0d75-9ed62f2381df
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 11:19:10 GMT
access-control-allow-origin: https://incomealert.email
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 772b6d213f05fab8-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
incomealert.email/images/background.png?_unique=0.3543923711606506&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//incomealert.email/spm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com&_title=Thank%20you%20for%20reporting%20this%20message%20as%20Spam.&_key=xfhq92xu&_page_key=npke0v4znb6zc22o&_fid=9692912&_fspos=7&_fvrs=1&_funnel_stat=0&_location=https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com&_referrer=
104.16.12.194200 OK 721 B URL HTTP/2 incomealert.email/images/background.png?_unique=0.3543923711606506&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//incomealert.email/spm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com&_title=Thank%20you%20for%20reporting%20this%20message%20as%20Spam.&_key=xfhq92xu&_page_key=npke0v4znb6zc22o&_fid=9692912&_fspos=7&_fvrs=1&_funnel_stat=0&_location=https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com&_referrer=
IP 104.16.12.194:0
File type ASCII text, with no line terminators
Hash 670ca33026aa9ad5ea5f5a6f19ba9a27
16ec358108cad075303c2a05a15212eab377d483
d84fa32419094cf4d2a2706371fbf8d6163fdbb542dbd06f5809dc3cbea80c63
GET /images/background.png?_unique=0.3543923711606506&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//incomealert.email/spm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com&_title=Thank%20you%20for%20reporting%20this%20message%20as%20Spam.&_key=xfhq92xu&_page_key=npke0v4znb6zc22o&_fid=9692912&_fspos=7&_fvrs=1&_funnel_stat=0&_location=https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com&_referrer= HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NDg1MzIxMTM=:visited=true; cf:visitor_id=7b2ce11c-19f9-44d5-8414-c626b1c5e6e4; ocxf_reportspamlnk=yes; email=paul@5twealth.com; addevent_track_cookie=37be741a-70dc-48bd-0d75-9ed62f2381df
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:10 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 772b6d207e93fab8-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store, private
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
status: 200 OK
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: fc192243a4ba0de5e65695606d1af221
x-runtime: 0.019132
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.2d6a2503-1220.js
151.101.194.137200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.2d6a2503-1220.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (8544)
Hash b9baa2cb6a3b1a3d0fda03cd7db51631
42d37467e05182e3cab2fcb54577dc462adcf50b
31a8b4d47298cae24c66e37256a51474ae88a745fdfec79f99b2d43608e6d822
GET /290.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: w13KyJHc6nZxbdEwslB41w8/Eu8hqTxWFthe9Ce9ktH5t1CQfPDcADzeIbbM0XmVboDReCBCqwPazqB/yCHcHQ==
x-amz-request-id: ENM21W9CJ64N9SCW
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 11:19:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 1646
x-timer: S1669893550.398373,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3424
X-Firefox-Spdy: h2
js-agent.newrelic.com/368.2d6a2503-1220.js
151.101.194.137200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/368.2d6a2503-1220.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (3382)
Hash fa50a55750d1d0978fca32be5dbc3988
a7f447621d48b3ecf7fc0192b515d506d3d1ad18
c621038fb07e536af8a1ec6d260853dfe69055dc2fb526700919c53b3b7e5f20
GET /368.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: GUwozRedGseijuU5ypA/WbbnDIf/u5E5/2u5+kb3ugz/wj5jQhWm8oFz9CQSV79o7P1yeeJAp+M=
x-amz-request-id: K9T2FMDPRF0ZCE4Q
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "16b4f3676c3859e1378a2ccdebbad675"
x-amz-version-id: zC.KoTaM7bjdFj.W4KQMilxtjXXSNPks
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 11:19:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 2000
x-timer: S1669893550.398533,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1443
X-Firefox-Spdy: h2
js-agent.newrelic.com/768.2d6a2503-1220.js
151.101.194.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/768.2d6a2503-1220.js
IP 151.101.194.137:0
File type ASCII text, with very long lines (5523)
Hash 98a96a3306b7723c0b8c4bff074cdd9f
e9070da7daa34fa2d8ac2e4ec00e3c499ea37516
a6079d50fa4c72b521fd865e67be080b5b21c336a71dbf7a1800a12ad42384f7
GET /768.2d6a2503-1220.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: P4mBsEL/DTAFzpZmpgTrdkaNBJrByz58gWXjGItRhFpF6Y8vCPU2Lz0KL/HwWqBLBPUd/7ipab8=
x-amz-request-id: XM6J50R0X1MZPD9F
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
etag: "d6cc8b42eda6fd7734014b03b87b5787"
x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 11:19:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 2213
x-timer: S1669893550.398666,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2225
X-Firefox-Spdy: h2
bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1220.PROD&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4375&ck=0&s=5b103a84b6ebc5bd&ref=https://incomealert.email/spm-conf1&ap=383&be=832&fe=3199&dc=746&perf=%7B%22timing%22:%7B%22of%22:1669893544676,%22n%22:0,%22f%22:392,%22dn%22:397,%22dne%22:397,%22c%22:397,%22s%22:403,%22ce%22:710,%22rq%22:711,%22rp%22:774,%22rpe%22:777,%22dl%22:815,%22di%22:1555,%22ds%22:1576,%22de%22:1677,%22dc%22:4030,%22l%22:4030,%22le%22:4139%7D,%22navigation%22:%7B%7D%7D&fcp=1195&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1220.PROD&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4375&ck=0&s=5b103a84b6ebc5bd&ref=https://incomealert.email/spm-conf1&ap=383&be=832&fe=3199&dc=746&perf=%7B%22timing%22:%7B%22of%22:1669893544676,%22n%22:0,%22f%22:392,%22dn%22:397,%22dne%22:397,%22c%22:397,%22s%22:403,%22ce%22:710,%22rq%22:711,%22rp%22:774,%22rpe%22:777,%22dl%22:815,%22di%22:1555,%22ds%22:1576,%22de%22:1677,%22dc%22:4030,%22l%22:4030,%22le%22:4139%7D,%22navigation%22:%7B%7D%7D&fcp=1195&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-fc902efb332119fff33?a=367981416&v=1220.PROD&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4375&ck=0&s=5b103a84b6ebc5bd&ref=https://incomealert.email/spm-conf1&ap=383&be=832&fe=3199&dc=746&perf=%7B%22timing%22:%7B%22of%22:1669893544676,%22n%22:0,%22f%22:392,%22dn%22:397,%22dne%22:397,%22c%22:397,%22s%22:403,%22ce%22:710,%22rq%22:711,%22rp%22:774,%22rpe%22:777,%22dl%22:815,%22di%22:1555,%22ds%22:1576,%22de%22:1677,%22dc%22:4030,%22l%22:4030,%22le%22:4139%7D,%22navigation%22:%7B%7D%7D&fcp=1195&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 11:19:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 772b6d22bab2b515-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
incomealert.email/cdn-cgi/rum?
104.16.12.194204 No Content 0 B URL HTTP/2 incomealert.email/cdn-cgi/rum?
IP 104.16.12.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 590
Origin: https://incomealert.email
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NDg1MzIxMTM=:visited=true; cf:visitor_id=7b2ce11c-19f9-44d5-8414-c626b1c5e6e4; ocxf_reportspamlnk=yes; email=paul@5twealth.com; addevent_track_cookie=37be741a-70dc-48bd-0d75-9ed62f2381df; is_eu=false; npke0v4znb6zc22o=true; 9692912_viewed_7=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 11:19:15 GMT
access-control-allow-origin: https://incomealert.email
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 772b6d40aba5fab8-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
app.clickfunnels.com/userevents/?funnel_id=dXIvdzRQYnJTNmNvbUVmWFdGM0dyUT09LS1KeVNWR2JpN3ZwQ0VYQWhFMnJyV1R3PT0%3D--eabe7c1f33705ef96c54d02d15a05ca0ea139469&page_id=em94djFLTXBIWllCckMxeVNsc3hoZz09LS05dXJrQUN6ang5N255VTNiWnJFT2ZBPT0%3D--9d94796b4fc85b59da60c60f8348d57aea8fa2d1&funnel_step_id=SEZ5SCtkQm5pSE1DRWk4bVV4WG1rZz09LS1xWkdwcHVZYmJ5VGJLTjZyWCtzV1VBPT0%3D--15bc004feabb92c1c90ec864f84dc93068dfb009&user_id=ODI0NkVGc3Vxa1pQNkpoeFRFSERzUT09LS1adFVhK0F2YTFPeW13UEpCbldJam1BPT0%3D--be2c198f34f36009d8a6fb5b1a7cb99a8ae15a06&account_id=eVpDeE8zL3hpY0xIa2F5bXhXTytldz09LS15UG8vb25IZHQ2TTdVZVVIRGcxZzFRPT0%3D--ea5e01717958309256416f30f73bec6063d03bb0&page_code=NDg1MzIxMTM%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1280&type=Userevents::UniquePageviewsCreatedSummary&nonce=47eca74a-946e-4229-b40b-be86f89efc35&url=https%3A%2F%2Fincomealert.email%2Fspm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com
104.16.12.194202 Accepted 0 B URL HTTP/2 app.clickfunnels.com/userevents/?funnel_id=dXIvdzRQYnJTNmNvbUVmWFdGM0dyUT09LS1KeVNWR2JpN3ZwQ0VYQWhFMnJyV1R3PT0%3D--eabe7c1f33705ef96c54d02d15a05ca0ea139469&page_id=em94djFLTXBIWllCckMxeVNsc3hoZz09LS05dXJrQUN6ang5N255VTNiWnJFT2ZBPT0%3D--9d94796b4fc85b59da60c60f8348d57aea8fa2d1&funnel_step_id=SEZ5SCtkQm5pSE1DRWk4bVV4WG1rZz09LS1xWkdwcHVZYmJ5VGJLTjZyWCtzV1VBPT0%3D--15bc004feabb92c1c90ec864f84dc93068dfb009&user_id=ODI0NkVGc3Vxa1pQNkpoeFRFSERzUT09LS1adFVhK0F2YTFPeW13UEpCbldJam1BPT0%3D--be2c198f34f36009d8a6fb5b1a7cb99a8ae15a06&account_id=eVpDeE8zL3hpY0xIa2F5bXhXTytldz09LS15UG8vb25IZHQ2TTdVZVVIRGcxZzFRPT0%3D--ea5e01717958309256416f30f73bec6063d03bb0&page_code=NDg1MzIxMTM%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1280&type=Userevents::UniquePageviewsCreatedSummary&nonce=47eca74a-946e-4229-b40b-be86f89efc35&url=https%3A%2F%2Fincomealert.email%2Fspm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com
IP 104.16.12.194:0
GET /userevents/?funnel_id=dXIvdzRQYnJTNmNvbUVmWFdGM0dyUT09LS1KeVNWR2JpN3ZwQ0VYQWhFMnJyV1R3PT0%3D--eabe7c1f33705ef96c54d02d15a05ca0ea139469&page_id=em94djFLTXBIWllCckMxeVNsc3hoZz09LS05dXJrQUN6ang5N255VTNiWnJFT2ZBPT0%3D--9d94796b4fc85b59da60c60f8348d57aea8fa2d1&funnel_step_id=SEZ5SCtkQm5pSE1DRWk4bVV4WG1rZz09LS1xWkdwcHVZYmJ5VGJLTjZyWCtzV1VBPT0%3D--15bc004feabb92c1c90ec864f84dc93068dfb009&user_id=ODI0NkVGc3Vxa1pQNkpoeFRFSERzUT09LS1adFVhK0F2YTFPeW13UEpCbldJam1BPT0%3D--be2c198f34f36009d8a6fb5b1a7cb99a8ae15a06&account_id=eVpDeE8zL3hpY0xIa2F5bXhXTytldz09LS15UG8vb25IZHQ2TTdVZVVIRGcxZzFRPT0%3D--ea5e01717958309256416f30f73bec6063d03bb0&page_code=NDg1MzIxMTM%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1280&type=Userevents::UniquePageviewsCreatedSummary&nonce=47eca74a-946e-4229-b40b-be86f89efc35&url=https%3A%2F%2Fincomealert.email%2Fspm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://incomealert.email
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 202 Accepted
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: text/html
cf-ray: 772b6d114bec1c16-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 2f1dd5cde7bec5e9559d1ca430f216d9
x-runtime: 0.048833
set-cookie: __cf_bm=3zUpuv5Ytned2_lHnoNE2TJDAQkaY5NjJ9.mUQ4jc34-1669893547-0-AYRRkXI22kUE2jsuuAsTNn/feh3vY67QpHC0GgMOnB9xzyISYkfbI0HeSPIH+P8OCqwHBBPRqV1vU+oP9Ejt72U3fhsMILxyZZbA4qldDWMe; path=/; expires=Thu, 01-Dec-22 11:49:07 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
IP 142.250.74.106:0
GET /css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 11:19:07 GMT
date: Thu, 01 Dec 2022 11:19:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
IP 172.64.133.15:0
GET /releases/v5.9.0/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: text/css
x-amz-id-2: lj0FvMnfC9mptRM/Gd0lw9lT7Zj4wo+oaxaEYLcDnZaRJXq3Oc/kbTmcEwen2MxXaG9FhyIrGnI=
x-amz-request-id: 9D38DJ2PTJVFVSCR
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"e140a7d32f343530f016095df3cc2ae4"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 396475
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KuJEMYucGUzjidCc%2FM4h7z5Lh76vUbpnv8KVrifv0qLLpZMEIKW6%2F9BOmEnvFrlIZUhmxpi2Dg6CVF6hzgYwmbjTsJyPwuQo3OSg%2FdL98mQKJ67Au9xhEIN00Dzv9t8uuDBOU%2B6W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b6d0ddd4a7689-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
incomealert.email/assets/lander.js
104.16.12.194200 OK 0 B URL HTTP/2 incomealert.email/assets/lander.js
IP 104.16.12.194:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/lander.js HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: application/x-javascript
cf-ray: 772b6d0d09e7fab8-OSL
access-control-allow-origin: *
age: 64
cache-control: public, max-age=1200
etag: W/"637bf1b5-2391a3"
expires: Thu, 01 Dec 2022 11:39:07 GMT
last-modified: Mon, 21 Nov 2022 21:46:29 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
app.clickfunnels.com/userevents/?funnel_id=dXIvdzRQYnJTNmNvbUVmWFdGM0dyUT09LS1KeVNWR2JpN3ZwQ0VYQWhFMnJyV1R3PT0%3D--eabe7c1f33705ef96c54d02d15a05ca0ea139469&page_id=em94djFLTXBIWllCckMxeVNsc3hoZz09LS05dXJrQUN6ang5N255VTNiWnJFT2ZBPT0%3D--9d94796b4fc85b59da60c60f8348d57aea8fa2d1&funnel_step_id=SEZ5SCtkQm5pSE1DRWk4bVV4WG1rZz09LS1xWkdwcHVZYmJ5VGJLTjZyWCtzV1VBPT0%3D--15bc004feabb92c1c90ec864f84dc93068dfb009&user_id=ODI0NkVGc3Vxa1pQNkpoeFRFSERzUT09LS1adFVhK0F2YTFPeW13UEpCbldJam1BPT0%3D--be2c198f34f36009d8a6fb5b1a7cb99a8ae15a06&account_id=eVpDeE8zL3hpY0xIa2F5bXhXTytldz09LS15UG8vb25IZHQ2TTdVZVVIRGcxZzFRPT0%3D--ea5e01717958309256416f30f73bec6063d03bb0&page_code=NDg1MzIxMTM%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1280&type=Userevents::PageviewsCreatedSummary&nonce=fe7b67f3-cd45-4b35-9872-55400a708932&url=https%3A%2F%2Fincomealert.email%2Fspm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com
104.16.12.194202 Accepted 0 B URL HTTP/2 app.clickfunnels.com/userevents/?funnel_id=dXIvdzRQYnJTNmNvbUVmWFdGM0dyUT09LS1KeVNWR2JpN3ZwQ0VYQWhFMnJyV1R3PT0%3D--eabe7c1f33705ef96c54d02d15a05ca0ea139469&page_id=em94djFLTXBIWllCckMxeVNsc3hoZz09LS05dXJrQUN6ang5N255VTNiWnJFT2ZBPT0%3D--9d94796b4fc85b59da60c60f8348d57aea8fa2d1&funnel_step_id=SEZ5SCtkQm5pSE1DRWk4bVV4WG1rZz09LS1xWkdwcHVZYmJ5VGJLTjZyWCtzV1VBPT0%3D--15bc004feabb92c1c90ec864f84dc93068dfb009&user_id=ODI0NkVGc3Vxa1pQNkpoeFRFSERzUT09LS1adFVhK0F2YTFPeW13UEpCbldJam1BPT0%3D--be2c198f34f36009d8a6fb5b1a7cb99a8ae15a06&account_id=eVpDeE8zL3hpY0xIa2F5bXhXTytldz09LS15UG8vb25IZHQ2TTdVZVVIRGcxZzFRPT0%3D--ea5e01717958309256416f30f73bec6063d03bb0&page_code=NDg1MzIxMTM%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1280&type=Userevents::PageviewsCreatedSummary&nonce=fe7b67f3-cd45-4b35-9872-55400a708932&url=https%3A%2F%2Fincomealert.email%2Fspm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com
IP 104.16.12.194:0
GET /userevents/?funnel_id=dXIvdzRQYnJTNmNvbUVmWFdGM0dyUT09LS1KeVNWR2JpN3ZwQ0VYQWhFMnJyV1R3PT0%3D--eabe7c1f33705ef96c54d02d15a05ca0ea139469&page_id=em94djFLTXBIWllCckMxeVNsc3hoZz09LS05dXJrQUN6ang5N255VTNiWnJFT2ZBPT0%3D--9d94796b4fc85b59da60c60f8348d57aea8fa2d1&funnel_step_id=SEZ5SCtkQm5pSE1DRWk4bVV4WG1rZz09LS1xWkdwcHVZYmJ5VGJLTjZyWCtzV1VBPT0%3D--15bc004feabb92c1c90ec864f84dc93068dfb009&user_id=ODI0NkVGc3Vxa1pQNkpoeFRFSERzUT09LS1adFVhK0F2YTFPeW13UEpCbldJam1BPT0%3D--be2c198f34f36009d8a6fb5b1a7cb99a8ae15a06&account_id=eVpDeE8zL3hpY0xIa2F5bXhXTytldz09LS15UG8vb25IZHQ2TTdVZVVIRGcxZzFRPT0%3D--ea5e01717958309256416f30f73bec6063d03bb0&page_code=NDg1MzIxMTM%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1280&type=Userevents::PageviewsCreatedSummary&nonce=fe7b67f3-cd45-4b35-9872-55400a708932&url=https%3A%2F%2Fincomealert.email%2Fspm-conf1%3Focxf_reportspamlnk%3Dyes%26email%3Dpaul%25405twealth.com HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://incomealert.email
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 202 Accepted
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: text/html
cf-ray: 772b6d114bea1c16-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: cae6077b98363b399f22d98e3510e26a
x-runtime: 0.034909
set-cookie: __cf_bm=6pckj8KwRp4DDohEKGBvEYoT8WvPVagIDDMRKcErQdE-1669893547-0-Abz5pYmKxiSbtBfNNUGZQ1n4oPnKsmT8EwB2RCuodIB1uv12kolehwQK2AAdYNalwkEktqpf81QqDKfqXKeqByu46KsST9NQ+mvd5nlH3Zj4; path=/; expires=Thu, 01-Dec-22 11:49:07 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
incomealert.email/assets/lander.css
104.16.12.194200 OK 0 B URL HTTP/2 incomealert.email/assets/lander.css
IP 104.16.12.194:0
GET /assets/lander.css HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: text/css
cf-ray: 772b6d0cf9e2fab8-OSL
access-control-allow-origin: *
age: 983
cache-control: public, max-age=1200
etag: W/"637bf173-6a514"
expires: Thu, 01 Dec 2022 11:39:07 GMT
last-modified: Mon, 21 Nov 2022 21:45:23 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
incomealert.email/assets/pushcrew.js
104.16.12.194200 OK 0 B URL HTTP/2 incomealert.email/assets/pushcrew.js
IP 104.16.12.194:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/pushcrew.js HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
Cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: application/x-javascript
cf-ray: 772b6d0d09effab8-OSL
access-control-allow-origin: *
age: 64
cache-control: public, max-age=1200
etag: W/"637bf172-27d"
expires: Thu, 01 Dec 2022 11:39:07 GMT
last-modified: Mon, 21 Nov 2022 21:45:22 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
104.16.12.194200 OK 0 B URL HTTP/2 incomealert.email/spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com
IP 104.16.12.194:0
GET /spm-conf1?ocxf_reportspamlnk=yes&email=paul%405twealth.com HTTP/1.1
Host: incomealert.email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:06 GMT
content-type: text/html; charset=utf-8
cf-ray: 772b6d0ba906fab8-OSL
access-control-allow-origin: *
age: 13
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
last-modified: Tue, 24 Aug 2021 19:35:26 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: dc83771248571450f53a0d31b27f25c5349b03eb
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: stale, valid, store
x-request-id: fdacc8ffcb13bca16885345098be39c6
x-runtime: 0.377556
set-cookie: __cf_bm=qOrf4nqUmYUgdBunKMk.hZs4FFHiDRR4dW7wvmZTra4-1669893546-0-AXo3fxW6s0Zj6W+T9YZs1h3wJbYTDPencbi+zmaENfTplIVKT0CJcr4Dhv5M9Foq3YboAQ0D6ozy1e6yKo7slVIX/WAIfHJHzq0EGszwMX9m; path=/; expires=Thu, 01-Dec-22 11:49:06 GMT; domain=.incomealert.email; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.57.101200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.57.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://incomealert.email
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b6d0d7b71b51e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.9.0/css/all.css
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.9.0/css/all.css
IP 172.64.133.15:0
GET /releases/v5.9.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://incomealert.email/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:19:07 GMT
content-type: text/css
x-amz-id-2: aTwuyWgaPvMb6JWlB6xk6ko4jaJeYcep7GkUNwiiQ54PacIiib0YpvXLB8kuH9wuaqemxGQSQA4=
x-amz-request-id: PSJN9FGRVEEQCVY1
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2657429
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rM%2F5GJDPMXBdWrcpAScqtqpwRaWjRXR%2FFRUe5bRu989Kd9FXZagSEtk12u%2FzXzYzgC6QeGM8kzfYFI4r9FfZ1lj3wS3qx2l5q8mmuM%2Biu5o9yEYTLXgkJwlRcF%2FicuF%2FFshwvtGe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b6d0dad0a7689-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2