my.forms.app/form/62ef4dc42b6a8726fe7f04c9
104.26.6.145301 Moved Permanently 0 B URL HTTP/1.1 my.forms.app/form/62ef4dc42b6a8726fe7f04c9
IP 104.26.6.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /form/62ef4dc42b6a8726fe7f04c9 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Sep 2022 18:50:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 19:50:12 GMT
Location: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9D6LwFVnda23sLsjP7W73x1vJdbZ2eU1YyH7PJsRhuv9u8uzWU6f0UKMdmvBOnhnnSKveqjwfwgAC1KFyy8BXTHOWr2KU9FS%2FSpLdhIvimI3xLUHZPCXsRYueYVVcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7479de571ed7b4fd-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6605
Expires: Thu, 08 Sep 2022 20:40:18 GMT
Date: Thu, 08 Sep 2022 18:50:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 18:05:21 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JbR2WWLH6iE0HJKBsgh-d3BBhtTnfEo5wdUeFuBE8weVxMla9TOmjw==
Age: 2692
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yMdBvkQqKWG76NovrR3Czc5OMO8dGg_h6p9MjAgfTvdKX7oBxbUbmQ==
age: 54219
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 652bdaaaca09a66fc9a260163eee7aeb
f59f82dd2c189cdff5c641ff7c53c5f257e1f2d2
bbaf18a14748bb922b9bd19125c78310a564b1aebb7de8f30af0be6fa390e7da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
142.250.74.72200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP 142.250.74.72:0
File type ASCII text, with very long lines (15501)
Hash d4b896a0d7b569fcd499af67742876f5
5baf15d5dfdc4f380df9f9a6560b0059afd741bb
36603c1ba9f517ce4f4c207ae696b0051f2520021cb07f3b875c17af9664d3bb
GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Sep 2022 18:50:13 GMT
expires: Thu, 08 Sep 2022 18:50:13 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Sep 2022 18:30:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75357
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.forms.app/static/css/dcomponents.2f40b.css
104.26.6.145200 OK 1.9 kB URL HTTP/2 my.forms.app/static/css/dcomponents.2f40b.css
IP 104.26.6.145:0
File type ASCII text, with very long lines (6476), with no line terminators
Hash 9c14b448805bc5cd6f69e8f46ed05b23
28b75ab68e08d93f7a0f56f2fdc6da2c03b7a9b8
8685748cd76f4bcd7ff86ca9cadb7c60287a01cee4fa72835905e71802899a38
GET /static/css/dcomponents.2f40b.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-194c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FAhIo3viLRIprUBI3Z10BKfUh%2BXAu9yp8UlZJs9P5sfu%2BHxvivXXkuMJmy8m%2B5wUFQhM38YoOjHBEG4lMgEbsOKSgFW%2F7s7x7m8Ab4JhAjwysdIDHd%2FSUoIQtojpVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa1db509-OSL
content-encoding: br
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 08 Sep 2022 18:38:18 GMT
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 19:29:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nMVtlMDN77fega9w1uCC1deUYYobHj3E9jHxga8pNIY8b_FoN7HLAA==
Age: 715
my.forms.app/static/css/vendor.88295.css
104.26.6.145200 OK 77 kB URL HTTP/2 my.forms.app/static/css/vendor.88295.css
IP 104.26.6.145:0
File type ASCII text, with very long lines (2898), with no line terminators
Hash 2c5bda7b79a2166ac6c3503010387284
cd45259c5c7b53144f30aff4b301a7e5e010b719
4144d895a81f7f31fb25b5974075dd04d24bbeab9667b2a35605d43f7554de44
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWZUPA3rmbFA4J%2BdbfZuU22aJs3D3B9nEByXWOq1vSHY%2BWumXZM1SejzDzUdtngcdrmjX5pHWwE2NAVJ9hFAxVDz7P%2Fh2zbgxHzhD5E8IkwrGEY%2FukRLH01DrZGGXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa16b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5624
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:14 GMT
Last-Modified: Thu, 08 Sep 2022 17:16:30 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
api.forms.app/user/gettimezonefromutc
104.26.7.145204 No Content 0 B URL HTTP/2 api.forms.app/user/gettimezonefromutc
IP 104.26.7.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Thu, 08 Sep 2022 18:50:14 GMT
access-control-allow-headers: authorization,content-type
access-control-allow-methods: POST
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UGxY4rtv98yXdaygDtVMI0zHUSqHizw75%2FnpynTOLZoj7oC3ZnZHGx6VRrTspmGOY4RP%2FWYvEXRdxzn1xIC1x0lcy0t5ircQ1YhqLinaD0wxBeB0Mf9h8luoAKdSwNY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5f09c90af6-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
142.250.74.10200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
IP 142.250.74.10:0
Hash 2241fb361c857cad93c511c1c38bfef8
0c3aa12edd39c29f6778a923c6fe20f9c6e15b40
8467f9d7fc2789cdfad84383c6bcdd254b39ffd9df7b1a20737392b0e2b7fea0
GET /css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 18:50:14 GMT
date: Thu, 08 Sep 2022 18:50:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db3d2d40f373a7ef445874e65d7f0397
087a4802f28647e830222fafc67bda30dec5fc31
4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 209953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.forms.app/static/css/asyncstyles.4869d.css
104.26.6.145200 OK 1.8 kB URL HTTP/2 my.forms.app/static/css/asyncstyles.4869d.css
IP 104.26.6.145:0
File type ASCII text, with very long lines (9557), with no line terminators
Hash 62f1916d98406da87efe61ddaf3ebfa3
79d4083ab0e48935b48cd38d526c170b3ba0cac7
4abbfca67de5f0474ccb8908081443d9719623b3fda11da42696fe7923409910
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:29 GMT
vary: Accept-Encoding
etag: W/"6315f4cd-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L899KrxljMqFiAAwisn376aw7Q2LrnOSAmFDnptm4dXmCAz%2F5D%2BtS%2Bblu%2FmGCQZgavXob7C1DffqWPF4uryFlQu%2BVF7rGxh2U%2FaNa52GQ1KC6ULQjXQEw14nN7T95w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa1cb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db3d2d40f373a7ef445874e65d7f0397
087a4802f28647e830222fafc67bda30dec5fc31
4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.forms.app/form/62ef4dc42b6a8726fe7f04c9/view
104.26.7.145204 No Content 0 B URL HTTP/2 api.forms.app/form/62ef4dc42b6a8726fe7f04c9/view
IP 104.26.7.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /form/62ef4dc42b6a8726fe7f04c9/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 08 Sep 2022 18:50:14 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d3ApLm%2B1kO54SsNmi6keAHnaIXkKi8YufQrY%2FL1KDNGPCdcV9zoAvZOyd%2B%2FyyAItXA34BCeqgZhexsHS0L0A3H4I5FZD0mfpPAQOB8KRL%2BWaMj%2BnxP7w0AhJO1IaQTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de603aea0af6-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js
104.26.6.145200 OK 6.8 kB URL HTTP/2 my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js
IP 104.26.6.145:0
File type ASCII text, with very long lines (2823), with no line terminators
Hash e6542e11777b2b65ab814cd06fc0b4c1
1b88cfad306f824ecd187af3b9e0f31bb1e17446
6c5f3ddec6d3efde2d9f588dd8555c03a65a1a6807a37b55762ecd287a4cec85
GET /static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:39 GMT
vary: Accept-Encoding
etag: W/"6315f4d7-b07"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eL6L1m4RFReREiePaaRSC7P7uvWn6saHdwBbPUyaRMFjbXUD2MeXz%2FiGWckkHktf7P2PMhx9qdPh%2FqdeEpdsLgrOMGWIgXcoimr0Lxpbuu%2FfLEgfwI%2BV%2F1iPBrz7WA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e8819b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
104.26.6.145200 OK 899 B URL HTTP/2 my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
IP 104.26.6.145:0
File type ASCII text, with very long lines (2713), with no line terminators
Hash 01ac35986d31ab3f8e4ab9c0a91e4eab
4efb6687198144debf6f0eb5d84a7f8e5ac14cdc
ee3552708f366f7297615e1327e9edfd84c818c14db7e47bb775fa2cb5bda3af
GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:25 GMT
vary: Accept-Encoding
etag: W/"6315f4c9-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H78NS0p%2BMqXjSTzINsTyxh4taH84BhTdEt4w669F5ZCoPCKxsHB9kcbNSx6wc1xlHDWwx56HwdhuzV1o53nopTnUv9kettmkYldcoN0%2BF97LHEfbTFQNZGz%2BHWkrpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e9820b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/app.aae1e.js
104.26.6.145200 OK 71 kB URL HTTP/2 my.forms.app/static/js/app.aae1e.js
IP 104.26.6.145:0
File type Unicode text, UTF-8 text, with very long lines (65389), with no line terminators
Hash 035718b722dea66c036581a488c226a4
912eeb99bb3e222f65a4b3cf7ea2369050238582
2060acfd5594ab257669e5650d2c2d3a6816dfd442be85b3e66be9f5aa3b3950
GET /static/js/app.aae1e.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:16 GMT
vary: Accept-Encoding
etag: W/"6315f4c0-3ee9f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOU5VA%2BB16ZKu9d893mHxMB7Mek%2Fso3Z0n2eViESwuOlGkWiu%2B8ozr8lZnLe9e29WcsqPhdcBZ12LPRjNQJE8nscLQ6VU%2Fbp%2B5C0IYRE%2FwM2tkk0ub5cO9LskAqDug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa21b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26200 OK 5.6 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
Hash 17c60d6b25e5a1be73c76fa0e57dff05
567f870a1b19344f055ba54b63ff175d33855742
6ecc429750e1092a00ebc983471916577b6df10b2af0d037bd3f3c2151783d04
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7479de5b28e00b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/static/js/vuelazyload.45220.js
104.26.6.145200 OK 16 kB URL HTTP/2 my.forms.app/static/js/vuelazyload.45220.js
IP 104.26.6.145:0
File type ASCII text, with very long lines (20439)
Hash 7754db2cef6b447e7c737ecdec0de1ac
0829bf103b9c1cf3b02f00ab04da55fb81107c9c
866ce1984f453787d9095b36957539891a5889943557260f1987e38501985156
GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:44 GMT
vary: Accept-Encoding
etag: W/"6315f4dc-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3juhpYOqUywU3dph86mfts0ACE1FqT%2FND5TDG3K8m2Ccw4Yx%2F8eKQxb%2FTBmlJvFtAUdo5S1pTMP1UPN%2F0wh6sY1C66G7JfW5hRFMx%2BFjCkxV26mcCgDEfslrXIqPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e6fe2b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormView.2e202.css
104.26.6.145200 OK 2.4 kB URL HTTP/2 my.forms.app/static/css/FormView.2e202.css
IP 104.26.6.145:0
File type ASCII text, with very long lines (7966), with no line terminators
Hash c5b20fb991ec5749ccd77e1847038d49
f675ed6dcf9d929ec82aa7815d224ce136676494
cc8971415b5d4154feddf8b552b24e4e84770e9d6595465abbc989351c2cb6f6
GET /static/css/FormView.2e202.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-1f1e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyAIRaX3lahtsTb9tFyVhkeeEPgJgwQzQ6wPep050sJV%2FRu49MI10Mm7XKf03oLzi5WQpltDvDI92cE%2FRbgfRod5Dm3%2FkzZayg3AC4flgwvZUjK%2B0Y9ijs4TnUr8Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e9823b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/user/gettimezonefromutc
104.26.7.145200 OK 187 B URL HTTP/2 api.forms.app/user/gettimezonefromutc
IP 104.26.7.145:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 59867d166dcbb22df768da0bdaa9a095
7970fc444c0e65b50ae2ee307c3c5631d018432f
c76fe783e6da71a7c43142a57c3c7c2bd8618be00c711f92341f7a8cf0d6e77e
POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8uvqvl%2FTeA%2BWQoPgUZjso%2FcHLubyjmExOkH8UYa4KKT9SAz648rSiXahzoc%2FnH9KetKY3xePzqODZj%2FYSJz9J8ch%2BCzT5omV4cINXEJmmlhzDXewLoaE0oBNNkYl0c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de600ac20af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/formsapp-logo-white.png
104.26.6.145200 OK 6.0 kB URL HTTP/2 forms.app/assets/img/formsapp-logo-white.png
IP 104.26.6.145:0
File type PNG image data, 372 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 6ee2889a7dfce7a672edbdf7d6738417
104995abea6706eb66f18e2f044ab42f72f05340
af3b27797947e7ac9d456686cb71e31469c7b4df60ae88ae62f2b55584a3f7da
GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-length: 5999
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
etag: "6319f80c-176f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WRnLis5HBDGc1phPkC51%2Bfixzij8phkKxS2UCSFcdRu9%2FXuTYxzrM1g%2BJEXsYEDh3ibcuLlqVe%2BOrLJAmJBw22FFwNf40c4R66uUggqVBpiHOnIU2WVmxCM%2B7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de6438f0b509-OSL
X-Firefox-Spdy: h2
forms.app/phishing
104.26.6.145200 OK 53 kB IP 104.26.6.145:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31063)
Hash d5173ff16f9427d6e6d079fe7ba48ded
dac2800efe04979ed4290d6f38d4018a426e4fcc
04f2549c738c65563bf90a2af9362e460f7c71cec81bd3209c1066c82f057bd6
Analyzer Verdict Alert fortinet Phishing
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 14:12:57 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CoinIKydUu5y9sbmI4CB%2B%2B6zdQCNxZH2aty6o5ShsMGYGyJirbUCza8KdqKGzOPKwN3e2LyT2UutLPqSzTVnM08s6lH8GK8isi9eBtDzej6%2BD7YRBLLOsUo8dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de625e31b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/form-builder-blank.png
104.26.6.145200 OK 34 B URL HTTP/2 forms.app/assets/img/form-builder-blank.png
IP 104.26.6.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cda661faf5e60e281e5f56067e7909db
324a0323af79f3142387d4761198f9ace2d78b3d
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/webp
content-length: 34
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=149
content-disposition: inline; filename="form-builder-blank.webp"
vary: Accept
etag: "6319f8a2-95"
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3RrF2xO0PnLzXoudUIwXlO364meU0w6W6TBAZHJoL1oSQ0%2Fb5%2BI1imzj7xM7AyI5%2Fkk6e5yrDEUHqB6KrJs2Z5JLjzDzPBSQFJcZ3uo9K7zPAyOiz%2F0ZCjIWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64593cb509-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/icons.2b7bf.js
104.26.6.145200 OK 81 kB URL HTTP/2 my.forms.app/static/js/icons.2b7bf.js
IP 104.26.6.145:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 19955af34736aa6a47ab6780ddad59ee
cfcd137eb8a56a551dc620f4d1b0bcce8e980e11
8476a2b2efbbac038878437ca01654c188c4a967ae9aa4a2b3c7b5ec9ff57486
GET /static/js/icons.2b7bf.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:30 GMT
vary: Accept-Encoding
etag: W/"6315f4ce-360f1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=laPoqIb26fGty7QHan09EkkOuCdWYlRSFu%2FBoGSJvm4Ob429g7kg2aMYQ0uvtlwGeiIHgM9aUagB3VuggCwOWUwQEvh8dKNcDNce9R9gZq2B2Myb5UBFWHZ0X14siQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de629ea2b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
certify-js.alexametrics.com/atrk.js
143.204.55.91200 OK 4.3 kB URL HTTP/1.1 certify-js.alexametrics.com/atrk.js
IP 143.204.55.91:0
File type ASCII text, with very long lines (4255), with no line terminators
Hash d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Tb_7EZ5pKn0dTJouo95IZ-GMISjpKwSt9WmVNejRRWHFpdCgQRCktA==
Age: 2299692
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=13956
date: Thu, 08 Sep 2022 18:50:15 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 08 Sep 2022 18:50:15 GMT
expires: Thu, 08 Sep 2022 18:50:15 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3b01a4e1b6e61ede809b68f3b0f21803
f2756ddd77a39e3cd0be033bfefe493b943c65ba
e1f45a9ed2fefd1cd157f7ee4d04c18f5a3c653718b75a65204ab1ba6045247f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=2A0DC945431F6FB70460DB5C42486E5B; domain=.bing.com; expires=Tue, 03-Oct-2023 18:50:15 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 94E6BB9A0E5A4A8094E5B609C60813F1 Ref B: OSL30EDGE0411 Ref C: 2022-09-08T18:50:15Z
date: Thu, 08 Sep 2022 18:50:14 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Yim2yIto4jWDyfJKK4wNlw6PWbRsVsG/bugUGAHLBRCbSDk7aJbpoTrjpRmdDU+EBzw+cYrf98zOLMWzD5KW8Q==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1904183273
date: Thu, 08 Sep 2022 18:50:15 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f1e86d2ddbc9e712bef1dad1b5166687
a7708dcb8822d53706beb0c6a5feb021eab57d9d
946849b7035bc3e384c8323c7bbb73ecf182baf5d9b3214ebc78359a6957f3ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4177
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Last-Modified: Thu, 08 Sep 2022 17:40:38 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f791e6440ce515569bb0194eda4d603b
8d8fa952205d85133136ac352d2732bc4c838c42
c32a6a6c9669d371e94d43f6e765a8e438096c6eb8b69d719ad365255d669417
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.app/static/icons/apple-touch-icon.png?v=1
104.26.6.145200 OK 5.7 kB URL HTTP/2 forms.app/static/icons/apple-touch-icon.png?v=1
IP 104.26.6.145:0
File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash c43b1e0fe485cb53c3fd9330372b51c3
a0901719a49fee671cffea18381c0eb187a66f88
e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000
GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:40 GMT
etag: "6315f4d8-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0T0LCzsEJmyJ1%2BH5iFKdVcWIyS9LFgjoF9dYAY3QcdQTGb9vQ3Mf1sEKz5Vb8xi6OMI3jTBSDuVetRmc6vfVXqdqyMOTg%2Bpym5MKLCW09NVrzqVOckKniZKzaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de664c58b509-OSL
X-Firefox-Spdy: h2
forms.app/static/icons/favicon-16x16.png?v=1
104.26.6.145200 OK 336 B URL HTTP/2 forms.app/static/icons/favicon-16x16.png?v=1
IP 104.26.6.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash daf2b94f00301f3f32d988b63290fef3
14242ca4977ec997a5d3d7e779186697e41a5c59
fd0abd01ba09e6eb0128a9f674b62173daca5a341a2a30883f60c9211d50d4b8
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/webp
content-length: 336
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=916
content-disposition: inline; filename="favicon-16x16.webp"
vary: Accept
etag: "6315f4c1-394"
last-modified: Mon, 05 Sep 2022 13:08:17 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75ZqVtMrqRG%2FXiC2O3t1w5OOWqHR%2BcC9%2F7sqUPO5ISslJ%2B9TvJGryYBYABI2QlYhhcJc5Fa9nPYEhI3xvup4YTdTsJiY57RG%2FUnlyMzg3N1zeB7LgrYE0tsJ%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de664c5bb509-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 721eb245d022db7af3e30ad4e6b94226
4a53b4e9ad119295498594089826bddea4d0b9a6
6f350e89f4e7a0cea74c003493ea950c768ffcbea234bcf68a818b60842a2f3e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.app/assets/img/phishing.png
104.26.6.145200 OK 16 kB URL HTTP/2 forms.app/assets/img/phishing.png
IP 104.26.6.145:0
File type PNG image data, 647 x 173, 8-bit/color RGBA, non-interlaced\012- data
Hash 6dc4d5bf6c0edf6c5580179a95f9ba45
e569728801513f3177f2c92eddf0f22578f68760
3f462262606da182df7b8e840e32bcb1c1547596df43a691a5e33c72c7c54c09
GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.2.1900363930.1662663006; language=en; __asc=b2be70921831e701d280e87b5fd; __auc=b2be70921831e701d280e87b5fd; _gid=GA1.2.1024617488.1662663008
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-length: 16006
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
etag: "6319f80c-3e86"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNANyBdLoNL0h352yRdcx6fY7BJGffPvntXZG5fg6kJUKWXzEWPJATfulnX9ILil2giozF52tBn2TnsA4deDJcjrPd1L2R9TgCN5%2BQQaZGyqzlWCU%2Bif0HMJug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de66dd4ab509-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10149
Expires: Thu, 08 Sep 2022 21:39:24 GMT
Date: Thu, 08 Sep 2022 18:50:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10149
Expires: Thu, 08 Sep 2022 21:39:24 GMT
Date: Thu, 08 Sep 2022 18:50:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10149
Expires: Thu, 08 Sep 2022 21:39:24 GMT
Date: Thu, 08 Sep 2022 18:50:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cd778a615e9a4ca3a25119790398434
d6daca74fc85d39274b3c7536f34528bef93ae97
e6b5a7a525e314e09c30985b22da7c34806df09cbe98ad52b00dcbf93a0dc054
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7251
x-amzn-requestid: 26b2021a-4440-47ce-8dba-d971cae60cc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bmHcmoAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-5471edce7de2374c3b8af888;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: d3MrDEyDFDylQKyfxONQ12_7IBvRAg8o0rSZ64WNRGNvDHqQyDmqJA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:16:27 GMT
age: 74028
etag: "d6daca74fc85d39274b3c7536f34528bef93ae97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accounts.google.com/gsi/client
216.58.207.237200 OK 81 kB URL HTTP/2 accounts.google.com/gsi/client
IP 216.58.207.237:0
Hash 91eed2d6fd36b98cea23f242c6a4a76c
c57dca4c2377e1211b755b29599f56eecfdae684
fe02da6479918d829ed75cda979fbe9d8ed066f9243c119ff94580c9248e8275
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Thu, 08 Sep 2022 18:50:15 GMT
date: Thu, 08 Sep 2022 18:50:15 GMT
cache-control: private, max-age=1800
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-ocItwMslRGKryezwJmlzAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ry2D03udnweYHan_7KhC9IDhT01g9_73G40Fa10BdIX21tgK0Cgjiw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
age: 75700
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a07d553b6441514870ed7e9e989a29a7
98c145b9326d1e6036fa9089d87a25232dd45b0b
373a586b596016baeb8de98022207c25af24c099c06077edbdfd837cffc31a0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7492
x-amzn-requestid: 2c5e9ff3-c7a4-4a8f-96bf-74f0ca5d9137
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9dOHguIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f87-70dbe6532b1a241e6dbe729e;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6mfdlMHJozdykr4faiijvUuJPXVrJGU_n0MxJgCrZ-uWWdejGYfiAQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
age: 73029
etag: "98c145b9326d1e6036fa9089d87a25232dd45b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F822fb287-f1f6-45a1-be54-4fa7385bb163.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F822fb287-f1f6-45a1-be54-4fa7385bb163.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f73ee4e91b38eaa36cadd4c437785f8
6ceea057f5ae50b9cef505da0a358e3d3b7d6a38
778d28e14b28c154843403470136d0efdcdd5e93e4b5aab784c12d4344e7af6f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F822fb287-f1f6-45a1-be54-4fa7385bb163.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11365
x-amzn-requestid: d50039cd-381c-4221-997e-9231d40ecfbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9V0EHEoAMFeag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f58-11cab61904bd14462cd13d0d;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: z7RyNwWgq5r9B2WMa5ibpo3d8DXFSFCCrEHpMvc0Q5SqE2x1ovaV-g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:41:33 GMT
age: 72522
etag: "6ceea057f5ae50b9cef505da0a358e3d3b7d6a38"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffca3b7c7-528e-421a-8910-451f0b9b667f.webp
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffca3b7c7-528e-421a-8910-451f0b9b667f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 09267c271a56ba4c2d4197543f264fac
67ae4acd88571da51b81fa7ed963b7f2a71845b4
906163f9e1bb8908ae7fcfbf4debc2a42fd14a3f90c8814536025a57ee851dbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffca3b7c7-528e-421a-8910-451f0b9b667f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8162
x-amzn-requestid: decb1d93-bcc9-4a71-a054-c537ad7d1add
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YJvndF1fIAMFv7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a2c95-27cef2465fd0e6c849da81af;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 17:55:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: C_J0m9xfkCb5qsoO934KB2Ldk1-yMaMXkgiv9gWus7JqjN3M_HCpdg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 17:56:29 GMT
age: 3226
etag: "67ae4acd88571da51b81fa7ed963b7f2a71845b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662663007528&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=16828573487&sess_cookie=b2be70921831e701d280e87b5fd&sess_cookie_flag=1&user_cookie=b2be70921831e701d280e87b5fd&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
54.230.111.107200 OK 43 B URL HTTP/1.1 certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662663007528&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=16828573487&sess_cookie=b2be70921831e701d280e87b5fd&sess_cookie_flag=1&user_cookie=b2be70921831e701d280e87b5fd&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP 54.230.111.107:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662663007528&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=16828573487&sess_cookie=b2be70921831e701d280e87b5fd&sess_cookie_flag=1&user_cookie=b2be70921831e701d280e87b5fd&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 08 Sep 2022 03:28:58 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bqJlNfJnQ6gDlxLj9YiPtSW7ypJJ82pu9QrPowglLgol992KeWFOsw==
Age: 55278
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=89d3b8bd-cefe-428e-a46b-78ea1e112a18&sid=0f115a602fa711ed9a754103b0df9bd2&vid=0f115b802fa711edbb8b2bc8ccfd264c&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=660&pt=1662663006828,,,,,0,0,0,0,0,0,44,240,241,251,652,658,660,,,&pn=0,0&evt=pageLoad&sv=1&rn=378939
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=89d3b8bd-cefe-428e-a46b-78ea1e112a18&sid=0f115a602fa711ed9a754103b0df9bd2&vid=0f115b802fa711edbb8b2bc8ccfd264c&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=660&pt=1662663006828,,,,,0,0,0,0,0,0,44,240,241,251,652,658,660,,,&pn=0,0&evt=pageLoad&sv=1&rn=378939
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=89d3b8bd-cefe-428e-a46b-78ea1e112a18&sid=0f115a602fa711ed9a754103b0df9bd2&vid=0f115b802fa711edbb8b2bc8ccfd264c&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=660&pt=1662663006828,,,,,0,0,0,0,0,0,44,240,241,251,652,658,660,,,&pn=0,0&evt=pageLoad&sv=1&rn=378939 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=19354C29F53669D0024D5E30F46168EE; domain=.bing.com; expires=Tue, 03-Oct-2023 18:50:15 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4EF8B990F685440BB8ED2A03D2EEE585 Ref B: OSL30EDGE0411 Ref C: 2022-09-08T18:50:15Z
date: Thu, 08 Sep 2022 18:50:14 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c35a376c0e9620e600bbab87a4b93b86
d25ae8da4874fbe7d074f9e00a63ba4c0c637ef0
e214919ef42b09adfc38db575c0b2682ce0ed83b63763863884f1c369fadf14a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662663007578&cv=9&fst=1662663007578&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1960450638.1662663006&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.98200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662663007578&cv=9&fst=1662663007578&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1960450638.1662663006&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2304), with no line terminators
Hash 500f0b75b5b422593283d136b09f0c5d
90e3f03a1d0896cb4fe4c62317f3278278c0248c
1538ab4873a92edb3ada543cfb36df3faa1ad6a5d6922b8b61387c8b63967356
GET /pagead/viewthroughconversion/587928374/?random=1662663007578&cv=9&fst=1662663007578&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1960450638.1662663006&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 18:50:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1034
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Sep-2022 19:05:15 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash dad8f08be4d6d5166c7f54004cb37c64
949b5738d5c880445510774f1da0e0af667308b3
398205f8248c3e00126eb21e6cb1d4e21a981a1b46d59ff4993e6023f33c6b9f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=1900363930.1662663006&jid=53451989&gjid=2062963533&_gid=1024617488.1662663008&_u=aCDAgEAjAAAAAE~&z=562482020
142.251.1.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=1900363930.1662663006&jid=53451989&gjid=2062963533&_gid=1024617488.1662663008&_u=aCDAgEAjAAAAAE~&z=562482020
IP 142.251.1.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=1900363930.1662663006&jid=53451989&gjid=2062963533&_gid=1024617488.1662663008&_u=aCDAgEAjAAAAAE~&z=562482020 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Sep 2022 18:50:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 6e71d9946ab9df275f88abafdb60b3f1
dd7a112a0e07d0e01da4b530df237b1ba96d8159
eda20f83d7319d50adcc6c7756afff6d86a9e47545e34dc5037492c437cee8a3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 18:50:15 GMT
Last-Modified: Thu, 08 Sep 2022 17:55:51 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yJsZkzwWjfFRJY5BZeFGG8aGD8R5Rcl2ia_n4FDssQltqUz349yN5A==
Age: 3264
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c35a376c0e9620e600bbab87a4b93b86
d25ae8da4874fbe7d074f9e00a63ba4c0c637ef0
e214919ef42b09adfc38db575c0b2682ce0ed83b63763863884f1c369fadf14a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662663007551%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLOTGdRmVKUMwAAAYMecD3hVCDe7geTJodNdRKrdwyEdAOkkP3k1YfZ5GblmRAQABema-anDOnMSw; Max-Age=2592000; Expires=Sat, 08 Oct 2022 18:50:15 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJbx9IATydvAQAAAYMecD3hoIW9l2Sb7cbBoxaoDf6Hc0NtJcANil606BJQEnjBhCL2RxjN3oPcISO73oJXQQ; Max-Age=2592000; Expires=Sat, 08 Oct 2022 18:50:15 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&d5ab45fb-bf0c-41d6-8ce4-e98a5fed7115"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 18:50:15 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2378:u=1:x=1:i=1662663015:t=1662749415:v=2:sig=AQHzFZChRiC757U_amz1_aj0TPLHN5dI"; Expires=Fri, 09 Sep 2022 18:50:15 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoLuZxa/7zraTHEpd90g==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5C1F3CD0593043258926802F14CD90C8 Ref B: OSL30EDGE0512 Ref C: 2022-09-08T18:50:15Z
date: Thu, 08 Sep 2022 18:50:15 GMT
content-length: 0
X-Firefox-Spdy: h2
bat.bing.com/p/action/137024713.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137024713.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=076B678270E46AE01FAA759B71B36BB6; domain=.bing.com; expires=Tue, 03-Oct-2023 18:50:15 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F1C689F39D744A338966C6FD5B0E800A Ref B: OSL30EDGE0411 Ref C: 2022-09-08T18:50:15Z
date: Thu, 08 Sep 2022 18:50:14 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 745359d372160932e8030c0199354252
1590e053a17d05095a48538fc08ff06245bac4d6
e7f798120d5e587145e512941e7c090ec2720d30d216e241f5b6f96d5b2d1241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=1900363930.1662663006&jid=53451989&_u=aCDAgEAjAAAAAE~&z=1025987458
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=1900363930.1662663006&jid=53451989&_u=aCDAgEAjAAAAAE~&z=1025987458
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=1900363930.1662663006&jid=53451989&_u=aCDAgEAjAAAAAE~&z=1025987458 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 18:50:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/587928374/?random=1662663007578&cv=9&fst=1662660000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=1889148567&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/587928374/?random=1662663007578&cv=9&fst=1662660000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=1889148567&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1662663007578&cv=9&fst=1662660000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=1889148567&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 18:50:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
35.85.83.51204 No Content 0 B URL HTTP/2 redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP 35.85.83.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Sep 2022 18:50:16 GMT
server: Server
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 18:50:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662663008356&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662663008355.308630477&it=1662663007652&coo=false&tm=1&rqm=GET
31.13.72.36200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662663008356&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662663008355.308630477&it=1662663007652&coo=false&tm=1&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662663008356&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662663008355.308630477&it=1662663007652&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Thu, 08 Sep 2022 18:50:16 GMT
expires: Thu, 08 Sep 2022 18:50:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662663007551%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662663007551%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662663007551%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&2543dcce-fea7-485c-8dba-81c7297d6a29"; Domain=.linkedin.com; Expires=Fri, 08-Sep-2023 18:50:16 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220908185016f0ae499a-d11f-4f39-8cae-c005aedf8c32AQGwBmnKDA69gL979FL8diisQCDEBxXz"; Domain=.www.linkedin.com; Expires=Fri, 08-Sep-2023 18:50:16 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI2NjMwMTY7MjswMjGCbQ3TeV51a2Lj+rNdMgggiK/N0ttXwagJPUZQ8l4bLg==; Domain=.linkedin.com; Expires=Tue, 07 Mar 2023 18:50:16 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2340:u=1:x=1:i=1662663016:t=1662749416:v=2:sig=AQGkPpx-m2JdedtdMoBOryL2zXmm_rid"; Expires=Fri, 09 Sep 2022 18:50:16 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-source-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXoLuZ1wzEVNV604OnioQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 92BCE7A05F384113B99D5A0E1B21B5A8 Ref B: OSL30EDGE0512 Ref C: 2022-09-08T18:50:16Z
date: Thu, 08 Sep 2022 18:50:15 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1662663007551&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&2d989cb3-6e09-49e5-80fd-11cc11d7e299"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 18:50:16 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2340:u=1:x=1:i=1662663016:t=1662749416:v=2:sig=AQGkPpx-m2JdedtdMoBOryL2zXmm_rid"; Expires=Fri, 09 Sep 2022 18:50:16 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoLuZ5YQQh6Zl7YEZVTA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 20816074F6F948B491EC479FDC55A25E Ref B: OSL30EDGE0512 Ref C: 2022-09-08T18:50:16Z
date: Thu, 08 Sep 2022 18:50:15 GMT
content-length: 0
X-Firefox-Spdy: h2
widget.intercom.io/widget/tt7hkkgs
54.230.111.119302 Found 0 B URL HTTP/2 widget.intercom.io/widget/tt7hkkgs
IP 54.230.111.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 31 May 2022 12:39:23 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z9DDFL0vJPR5npQB2eA29PlCyeVTe7A26kagQZATiTsSGSA45wjIYQ==
age: 8662254
X-Firefox-Spdy: h2
js.intercomcdn.com/shim.latest.js
54.230.111.118200 OK 6.2 kB URL HTTP/2 js.intercomcdn.com/shim.latest.js
IP 54.230.111.118:0
File type Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Hash 9064982aa7fa6e4296affd2690e62e8b
35622827e3064715e58e44d13c174a58dfde7789
d1a60129296b67992e221c87ac0d304c61cb7d756a52e61cd5453b78b90a58da
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6174
last-modified: Thu, 08 Sep 2022 17:16:40 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: Hs5P5S6o93zS8sxpJQedNqzMk0dSWgk5
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 18:46:56 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "9064982aa7fa6e4296affd2690e62e8b"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nIKWeh0Vh5YmJ--qhcH0v6AxTYvOxUeZFaKdAWUAOLlfg0jMMhBU0g==
age: 201
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Sep 2022 18:50:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 249
x-timer: S1662663017.591956,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.a6d4847e.js
54.230.111.118200 OK 126 kB URL HTTP/2 js.intercomcdn.com/frame.a6d4847e.js
IP 54.230.111.118:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 126 kB (126266 bytes)
Hash 7f2332d34c04cfdc7b1d28ee95257c23
8e6f48fe17c74bee9cd371a62e4e56ce6ca1fc61
336cce69ffa60a9750bb95c5198a87e5bf0d2792154b9c0c3593b99c236b4e6b
GET /frame.a6d4847e.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 126266
date: Thu, 08 Sep 2022 17:16:49 GMT
last-modified: Thu, 08 Sep 2022 17:15:16 GMT
etag: "7f2332d34c04cfdc7b1d28ee95257c23"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: 89vVFVEH72G3bm3KxXOHH5Vz4KF0Gbrt
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gaKpSb13fMhn1S-z8kZhm04oBSbPunBcPex2UUOpdK4lv6o4hGflzQ==
age: 5608
X-Firefox-Spdy: h2
js.intercomcdn.com/vendor.db1f5016.js
54.230.111.118200 OK 72 B URL HTTP/2 js.intercomcdn.com/vendor.db1f5016.js
IP 54.230.111.118:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /vendor.db1f5016.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103230
last-modified: Thu, 08 Sep 2022 16:19:52 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: CNo1uRhDSh4dT1NQhrW_GtXzTq3WlLQx
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 18:21:23 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "419225bddbaa8f495860fdd6b21c2a5c"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: J_7EEFxaWiEgFXU4FtnDubXzbTfyXb1EPSwRomolauCUX6DSQk1fbQ==
age: 1734
X-Firefox-Spdy: h2
forms.app/assets/img/formsapp-logo.png
104.26.6.145200 OK 3.5 kB URL HTTP/2 forms.app/assets/img/formsapp-logo.png
IP 104.26.6.145:0
File type PNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data
Hash a77f4c80bac841f7d3d2aa02372b8861
840d40fc6bdfbddff8e5d917ef5b669d8c4543a2
84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.1.1662663007.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en; __asc=b2be70921831e701d280e87b5fd; __auc=b2be70921831e701d280e87b5fd; _gid=GA1.2.1024617488.1662663008; _uetsid=0f115a602fa711ed9a754103b0df9bd2; _uetvid=0f115b802fa711edbb8b2bc8ccfd264c; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662663008355.308630477
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:16 GMT
content-type: image/png
content-length: 3548
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
etag: "6319f841-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KrVO3VO5CLKR79V9sERk%2BUOdb6BuQ6CCEqqrdgUVrqPnu3CrDb4vHUrSE46l%2FQf8b9sMHXcOhy7ij5cE0uLxE0eYvLg6LhzISKhx9nlHKqHCJhAEr0I7%2BGSkKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de6e58b1b509-OSL
X-Firefox-Spdy: h2
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2102&ck=1&ref=https://forms.app/phishing
185.221.85.4200 OK 24 B URL HTTP/1.1 bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2102&ck=1&ref=https://forms.app/phishing
IP 185.221.85.4:0
ASN #206998 New Relic International Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2102&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 345
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 18:50:16 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 7479de6f4dcd0d46-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUz%2Bz2rZUKQ1mtLLgDJZ6Kmjp3HXgw3k978ZuCbDV0ML1Z1jsL4nFVh%2FKJvcGnscxF6qeYTmXpwfW5vaEzGTvEFnTPB01W6zW%2Fm9hz03jx5T4%2BGJN3aC8SldUOmi5a1ocZJLhcT6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
forms.app/assets/img/huawei-app.png
104.26.6.145200 OK 7.4 kB URL HTTP/2 forms.app/assets/img/huawei-app.png
IP 104.26.6.145:0
File type PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 86c2e696aa2528b2cb3589897ba4bfb7
598e89de6512720a92e4e94a538e2eb64d746229
eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6
GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.1.1662663007.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en; __asc=b2be70921831e701d280e87b5fd; __auc=b2be70921831e701d280e87b5fd; _gid=GA1.2.1024617488.1662663008; _uetsid=0f115a602fa711ed9a754103b0df9bd2; _uetvid=0f115b802fa711edbb8b2bc8ccfd264c; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662663008355.308630477
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:17 GMT
content-type: image/png
content-length: 7360
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
etag: "6319f80c-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72XjyWI6Y5yTCFpIXc67CC2IyObUrDlNe7A0SM8cevg4irqThdksycEGLAvv8BLmJ0BIRPBT4R4qOcFN98XFd6Ld91eVJCvrzJ4QvhJBNaEEnYip3SnVRpDtfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de703bd8b509-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/google-play-logo.png
104.26.6.145200 OK 7.6 kB URL HTTP/2 forms.app/assets/img/google-play-logo.png
IP 104.26.6.145:0
File type PNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash b30b4bd0775acd1e172ed059d1151d4d
70d96852cfae2fdc113342e3bf46cc4ebe706815
cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b
GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.1.1662663007.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en; __asc=b2be70921831e701d280e87b5fd; __auc=b2be70921831e701d280e87b5fd; _gid=GA1.2.1024617488.1662663008; _uetsid=0f115a602fa711ed9a754103b0df9bd2; _uetvid=0f115b802fa711edbb8b2bc8ccfd264c; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662663008355.308630477
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:17 GMT
content-type: image/png
content-length: 7621
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
etag: "6319f841-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iiDGgD8z7M%2FaqsuFW1CloSLus3%2Fnvl7BzRO6%2BFjPV9Tq5P%2FltJSqwCai7BHIzYWdv1SeQqCl6sfOzvKIw09KU2sg23tpotV2q9BOEd4ETUJaCPCVotqMooVOyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de703bd4b509-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/app-store-logo.png
104.26.6.145200 OK 7.6 kB URL HTTP/2 forms.app/assets/img/app-store-logo.png
IP 104.26.6.145:0
File type PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 02b87ac5a0d67d23008ed83695705c23
1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5
a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736
GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.1.1662663007.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en; __asc=b2be70921831e701d280e87b5fd; __auc=b2be70921831e701d280e87b5fd; _gid=GA1.2.1024617488.1662663008; _uetsid=0f115a602fa711ed9a754103b0df9bd2; _uetvid=0f115b802fa711edbb8b2bc8ccfd264c; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662663008355.308630477
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:17 GMT
content-type: image/png
content-length: 7634
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
etag: "6319f8a2-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LOsVINLVRI40qOfTqFS%2F4%2Bs4dEputWvv41yYIGkCsvSV0Y3ThdG%2BD%2F6x4wUcehuKuF1yKboYf6hsLpmouhbgQAeREn6GsJQ3juDrdLSHQY5B2u3YG1iqQC5uig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de710d6db509-OSL
X-Firefox-Spdy: h2
nexus-websocket-a.intercom.io/pubsub/5-4yj3ZFqeIQDoCoHb44uaQWlEVE1h4hvpI5utDxGz6VJ68mxEvY_ckAy-jtX_MzviS3ZG-5J3Fk5AGtA1OXeuuwqHRC0na_t317fy?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
34.237.73.95101 Switching Protocols 0 B URL HTTP/1.1 nexus-websocket-a.intercom.io/pubsub/5-4yj3ZFqeIQDoCoHb44uaQWlEVE1h4hvpI5utDxGz6VJ68mxEvY_ckAy-jtX_MzviS3ZG-5J3Fk5AGtA1OXeuuwqHRC0na_t317fy?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP 34.237.73.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pubsub/5-4yj3ZFqeIQDoCoHb44uaQWlEVE1h4hvpI5utDxGz6VJ68mxEvY_ckAy-jtX_MzviS3ZG-5J3Fk5AGtA1OXeuuwqHRC0na_t317fy?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WugnwBkV3V5vXGlTYR3Ywg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Thu, 08 Sep 2022 18:50:17 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BbKtajqRaLgfdN0wNi5C74INOSA=
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP 104.26.6.145:0
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJF6REGVdnPHgXPuofcsezag2wOxhvoxQrde%2FA7nH4b5s2ghFa2Oq9iNro6lDIjVGnPObDai5pzQEPhnmdy79PqJfAP%2BNg4lCty3dpIhQCgjrA4FU6KHmYa01%2Fqg7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e8813b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/swal.4f135.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/swal.4f135.js
IP 104.26.6.145:0
GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:43 GMT
vary: Accept-Encoding
etag: W/"6315f4db-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ca1ZUnIAG1IFUWtaRMgCHfjWnUjApRsaoE63dDr31g%2FjBGOha2wmN1G0X%2BV9IhYjKE%2BqRKG3RmKw72dyVr08IqzEqCPnObdVPIx5UiIgcJRubuflB%2B8saTeJmyUb1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e7fe8b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-logo.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-logo.svg
IP 104.26.6.145:0
GET /assets/img/blog-logo.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
vary: Accept-Encoding
etag: W/"6319f8a2-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sjWXIiFVOxsFmlr6j%2BlsV8vzAL%2BzI1Ayfn9bgXV1BrrqFDgy%2BrljvgjiVDVY3KJV4DhlW2lPGQ6I1YP8kjNl%2FfkJ3S0h8O%2FWNaGCGYI%2BfohmNRo8aCw6cEKeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de6438fbb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendor.523c4.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendor.523c4.js
IP 104.26.6.145:0
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:38 GMT
vary: Accept-Encoding
etag: W/"6315f4d6-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hfbDqAKiI7%2FW819ErZ6yw9LbiLm%2Fu1tlIExBK6qURtBgEw%2B5Fkc3GqSs5ZHR%2BQ9f8gb%2B1CIXtJ4AYoaGwzgXz550HQcBMeNjoV%2ByVZYvWxJ%2FaZNQmBinB26zwL7UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5b0a33b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/swal.2ebcf.css
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/swal.2ebcf.css
IP 104.26.6.145:0
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9h1Ufz6AUJPbMxbJj4BJpndS4%2BLBNM3iYrj6MmFFu3a2K5qCEBXw7Aeh31P2vLY0r0P3BhljpNOapXRwJpGhSgPcHbJsmzi0fR%2FtnFNrkV07d%2BworhX%2BdKRLj2QLmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e6fe6b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vuegtm.3359a.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vuegtm.3359a.js
IP 104.26.6.145:0
GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:30 GMT
vary: Accept-Encoding
etag: W/"6315f4ce-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BlKP0tkCUJ69kG%2FIelnI0WRpqclwwdMnpdGPmRQY3AEbsgUTKbo494tvWRwNqh%2BrdDYre%2F0g%2B8hxCTAx6QoUwG%2BTUBlidvtnkKQRiG4aThF2oYrRJ1%2BGxnmw0r0P0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e7fecb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/envelope.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/envelope.svg
IP 104.26.6.145:0
GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ki4PMC8Gj3gIRHRhklzPFNZJhu7hNSPjNHVa8KZZdPIk5TcO6jzmv%2FXUARVEdg7HLDOuHjmYFbpcN5k5GybAZtceAEeaZqa7o9wEc3NlxcF6mmvqs4qI92yxRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64796fb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/runtime~app.1ad07.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/runtime~app.1ad07.js
IP 104.26.6.145:0
GET /static/js/runtime~app.1ad07.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:25 GMT
vary: Accept-Encoding
etag: W/"6315f4c9-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCOYw2CB4Fe9nTHL91RYcJjYyAZUBej2HXATTsyW7KYCAbvp8JpFlxLL8lev6a355fW40r3XaVvpiOz%2FvV7rU7tsYduRyiPUkJ1Dk8VGsLcLVk7sMkJ%2BVVOFZj2apA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5b0a34b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
IP 104.26.6.145:0
GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:45 GMT
vary: Accept-Encoding
etag: W/"6315f4dd-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ri9Ld4zaIygv2kQYhoZ0fhh2Xx64u2eZs%2BWldJHpnrB5GpH5PAS2qFz1oTTa2h6ct4zWDiC6yTLpktVEhPxGyWvCaV57uTn%2FBRSpIsgoPBP24zYoxv8cbe59znKUgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e6fdeb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css
IP 104.26.6.145:0
GET /static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:29 GMT
vary: Accept-Encoding
etag: W/"6315f4cd-4b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0xxuPaIV%2BN8z7l3%2F16DaKbWpc9PW6Ll1qTBoZiSKRASLoiUqCeDASmO4zqpJbGT7F02IlruYVqPkkx93T4UyrLxSiM5ewO2FBEoV0WTdgMtA%2BH6VuEB84dmPoQQ9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5ea832b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js
IP 104.26.6.145:0
GET /static/js/FormBuilder~FormDesign~FormView.4a69f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:30 GMT
vary: Accept-Encoding
etag: W/"6315f4ce-204c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRnH4GPAGUm7wnwILaymx3bArQUdxLic41g4rE5X4r4goNI27PscR%2Beuy0%2Bh3b2hJU9hihLug%2FtT2ReKdmFRjwbIbtHbaiyWKBO9vZbqs0wX%2Bn1%2F%2BFJZ7iT60z4kAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e9821b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js
IP 104.26.6.145:0
GET /static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:29 GMT
vary: Accept-Encoding
etag: W/"6315f4cd-512"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DeQdiwwODlL9Ue2Tg3FH806VraXnCbd5kWFuw0%2FTl3k3HpdNoRr%2Bwk791S1IV%2FSiS3%2Bqrs36Hb1xuGqVOzBBQDhzeqO9fdAn2VyijL%2FwQwCXFe%2BzNuP0MJ3%2FFkT2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5ea834b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/excel%20copy.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/excel%20copy.png
IP 104.26.6.145:0
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QnEMSoF6yFOFyLT6eSGlE0oEyg56UPIivAPqEQ1RvqoffJgcD%2BNoHmhs6i90EPjkXplD23XN3yIhVDti2zKF9Vl1fjJ6Ey%2FgeRQA%2FeVd9Xo0OEQNUudbOoCvaryKDWIc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64491fb509-OSL
X-Firefox-Spdy: h2
forms.app/assets/js/lazysizes.min.12809749.js
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/assets/js/lazysizes.min.12809749.js
IP 104.26.6.145:0
GET /assets/js/lazysizes.min.12809749.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
vary: Accept-Encoding
etag: W/"6319f872-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2FJBDvhg7pNEmz5WG7%2F%2FBH13lF8AptaaiQ8dl3kH9QYeEnTSwLEj1Uaslh4%2BGeyp6Jj4MrTaSiab%2F7s%2F5nY7sF2vSIo901ik%2Bd3aEHmRqoyOquZYbdgcHB85Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de647974b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/Google%20Analytics.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Google%20Analytics.png
IP 104.26.6.145:0
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bGxZaFF2xma5IqgKUPXahC2oFP0Oq42G7jrIliZOTY1BcgZuMEg0NLD7f6qY35OwX4Wcy2pi4S1%2BsZTIn%2FwI5v0A6UAx5qOD8TjrLXGsswCxrh8tHjB%2F%2Fq%2BdRpuBISyh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64491cb509-OSL
X-Firefox-Spdy: h2
my.forms.app/form/62ef4dc42b6a8726fe7f04c9
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/form/62ef4dc42b6a8726fe7f04c9
IP 104.26.6.145:0
Analyzer Verdict Alert fortinet Phishing
GET /form/62ef4dc42b6a8726fe7f04c9 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tBFkreYuGTRa%2Bk01xiBIsGumgpx9o%2BU9N6n4UfnTh8iL8AW9oU1BqsvdhCGIwoFQmP6HCRH2MPjJtFi4mjigolTLsaMbAemXYUEOrelpAJqptU5M4I6Y%2Fbu%2B2Drbsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de58deb9b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/asyncstyles.7792f.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/asyncstyles.7792f.js
IP 104.26.6.145:0
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:22 GMT
vary: Accept-Encoding
etag: W/"6315f4c6-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wZbNX%2BVAdW7PwkdPwz41yKpMbsQQpsHDBWfXWmxJCAHMFIJqZeaSXwk6WZ0qnf0dI3w7cM24L%2BVroTdVhRkOYkXR5JoFGIudHMWUkplA0NGCsL8IT3ehlgB%2FA8nwNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa26b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/iicon.8278c.css
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/iicon.8278c.css
IP 104.26.6.145:0
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:00 GMT
vary: Accept-Encoding
etag: W/"6315f4b0-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2B0IrVOqcvZRTbADl%2FGdPU0vkenr%2BpJxO6MEoqoX0GO%2FYPMC7HgCsZCpG2OFd3acFgHuNj3qikIZDPL1Mij0QC5hTUCWDWFce6vbLmSDghv5qU4HGCkwhYRPGAy4Yg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa1fb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
104.26.6.145200 OK 0 B IP 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiODUxNzZlOWI1MWI3MzM3MSIsInRyIjoiMjQxNGVhNmJmZWU0MGQ5M2QxZDM2ZmIyNDYwODI1MjQiLCJ0aSI6MTY2MjY2MzAwODYzMn19
traceparent: 00-2414ea6bfee40d93d1d36fb246082524-85176e9b51b73371-01
tracestate: 2885732@nr=0-1-2885732-286479549-85176e9b51b73371----1662663008632
content-type: application/json
Content-Length: 16777
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.1.1662663007.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en; __asc=b2be70921831e701d280e87b5fd; __auc=b2be70921831e701d280e87b5fd; _gid=GA1.2.1024617488.1662663008; _uetsid=0f115a602fa711ed9a754103b0df9bd2; _uetvid=0f115b802fa711edbb8b2bc8ccfd264c; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662663008355.308630477
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:16 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7479de6d6f75b509-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js
IP 104.26.6.145:0
GET /static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:45 GMT
vary: Accept-Encoding
etag: W/"6315f4dd-d1ec"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOP3Wce3XlO%2FCyYdqyU%2FClwT%2BeaPJD5rP9dAUh9%2FGRSOYPEIy2HZpGvFm0tIk2Atixgwj5oD472L8hwiOgn%2B%2FNnV%2F24ab7MgJ4ZGM8CEDxAu2xTYt5Vt1qL%2FVFLFrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e981eb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/facebook.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/facebook.svg
IP 104.26.6.145:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enPz0g7jyHN85Armab65YTlRJsEPII1tpX1PlVQ9XzzYT2blRa1x%2FHSrsXrReX%2Fcd%2BoY%2BFrtbUeANj3DQJ8XDe5iTtwnNkcWh7vrPBT2Xo%2Fdq15KEWxURIiAsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de645940b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/isvg.cd861.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/isvg.cd861.js
IP 104.26.6.145:0
GET /static/js/isvg.cd861.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:17 GMT
vary: Accept-Encoding
etag: W/"6315f4c1-7eeb"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r907eiGXF2qrjMQ0Mexyy6xuo2Dr%2BUUBwUqtmgf4jGkDt1ZcbuoCiuOzR46OgEMUK8J29Ldd0AVPhugbmVXzhfk0ZQN2JarrZfI0VAjG63aFN9wClKdTfnx5Sh%2BPww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e982eb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/WhatsApp.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/WhatsApp.png
IP 104.26.6.145:0
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: MISS
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KYS7fIc4D4UPs1pVU6zCmR0Cssjrbk%2BTrhijKY1jUpA5wRc2%2BlCB%2Fmj4E8eXyJ9Tw12dZziSUjMBV4GHyce5gAO%2BikzH3rv%2FgDW3G0T2RI0zxIvwh1AgBRa5ZR1coNrp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64491db509-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/trello.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/trello.png
IP 104.26.6.145:0
GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= trello.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UI2hcMmMA1DLZwnkgNEoAcD1DLay%2BcmthgWa7xENDzZx9GR06lN5TGHheUYsxbWthyVmipP0Mm7xCLrFPw4WuqsKiz8f6e39UC4AL2oFgyb6rIp7vxjtExxEKp88qnj4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64491ab509-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/iicon.bcebb.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/iicon.bcebb.js
IP 104.26.6.145:0
GET /static/js/iicon.bcebb.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:21 GMT
vary: Accept-Encoding
etag: W/"6315f4c5-2fe9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qss8gHzjhBZlf9fCIqw9qcfANeaIX3LYuhdjgpbtus%2BNH3EPiXyKmhAcOUyB3u2irMQPwPndLScs%2BnAgxBkZ5FUs3pT8VjbaLFytRhhUACK1lI9ZToz9YVpfDlpTjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5b0a29b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/app.d858d.css
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/app.d858d.css
IP 104.26.6.145:0
GET /static/css/app.d858d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:43 GMT
vary: Accept-Encoding
etag: W/"6315f4db-107d0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jx0sf4jWYS0VfzIxXRWqkZKqSiZaW8D17D0LVbyDV5hkJe2cOTuR0VtoS2Qe1IE1p1SEZjF%2BYSLjXKm1ggQQRmI6AZn%2B6qwhkX25RF3Hz77Bx0topYph4%2FWqOduYBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa1ab509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/templates-resources.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/assets/img/templates-resources.svg
IP 104.26.6.145:0
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
vary: Accept-Encoding
etag: W/"6319f8a2-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykkDrmeeRa3dW1KrQ6t4ID9L0SbtA0FbFnwmTsFM4DlrENJBUjMK2%2F8tEJ27kFJHP1XU2qYnS6WCBNIMu7CeMRovfHy78fuAkA8vJLjDhUD1Jj2xRMc5NHKhug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64593ab509-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/hubspot-crm.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/hubspot-crm.png
IP 104.26.6.145:0
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= hubspot-crm.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mefv7bRn%2BlXXJa6523GS6EnIzHZpbP6Wb1L58All4SKs53lqdHhE2Mwtty0FiXSGatrf8azD0wxtCG5tds2PMagMVarjCEw82eCor24VXnt1lCWok1YPosR8EwPVhONs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de644916b509-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Notion.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Notion.png
IP 104.26.6.145:0
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= Notion.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xhGKxpu79XZlWhFpWYxJBdbHD7qXkg2x2d%2BIqSu89bzHVWk9noG4Q5o121NkFrphEwXTTcp2sCk15hBUYpTCfC9rRwpkZgGc1mp6yNLcCusSUKiBouonP090tSFQZ6ej"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64592bb509-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/airtable.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/airtable.png
IP 104.26.6.145:0
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LS1ZQBbCrudvIvhGmVptWMgwYASZjwSMv2xd%2Bh4HHKm%2Fs1Ntu2M63bXW09j3HiooChTRF%2Fwrgx1u76tvC%2FQUHTomKeG0%2FVesBwnpxe2sCLaSHOPtI1M2wyEl0ufjbzV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64592cb509-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/wordpress.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/wordpress.png
IP 104.26.6.145:0
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: MISS
last-modified: Thu, 08 Sep 2022 18:50:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eu7XQR%2BFCSMP4v7yyAQ3k3BcyMGa8i9k8Fq7Pk0Z6aIHy3Xhhxd9GvSBbR1S14YDy7IcrxF8VpLKlerjXr6NPo5pvram32Dxx4wGCbwmjJmzPL9EFkJWHanUZXnaKPsK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de645929b509-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/logo-home.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/assets/img/logo-home.svg
IP 104.26.6.145:0
GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
vary: Accept-Encoding
etag: W/"6319f8a2-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EVIY3FBKNcqJnVh8nF%2BAoLEdORK7%2BAHgDz3SQunO7aIVc6Yi2Dy8wUMtE8vyJEHevunCxnFU4fl8Ew2mdz1ogV%2BhtZM%2BfDM%2Fm61%2F58kJLICXDTNyBQFoghBITg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de6438f5b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/dcomponents.15d95.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/dcomponents.15d95.js
IP 104.26.6.145:0
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:13 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:38 GMT
vary: Accept-Encoding
etag: W/"6315f4d6-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvEeOsIn2tl20BVcfKxaTF8y8Hdq2QjCsfvbhHnXgNGF11LHH5mkZEvicJ0bPq2QZ7KYN4ONWfnoLILLe0c27Ig0qlDUfJBVF%2BTFj3%2FKNx7geJFMTTp%2FF2MzdVLW9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5afa27b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/google.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/google.svg
IP 104.26.6.145:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP9GBqql%2Bgf15o%2FG1pMNkyAYf7BfNtmgteAQ6smAsKKl3ss94ZJDB4S8Qze%2BDvN%2Fp0Ebb4CR89fyjBmPHho79xIYho1VIY4Ge6u7cpotOGbttogp6Y61FrtToQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64593fb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/lang-en.3d2e2.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/lang-en.3d2e2.js
IP 104.26.6.145:0
GET /static/js/lang-en.3d2e2.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:30 GMT
vary: Accept-Encoding
etag: W/"6315f4ce-faaa"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6340
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOdJ0sPEr6%2FaPMFSbZtKNuMF8WAXbv9OKGrHZiQsJoYdlHASWWC%2BaWkhRUrfcEvYehlz5P1Y%2BI%2FtS71JufMvGoNKAoBj8RGnloHaGUgJfpoiIk1zu5icKIBvyzebRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e3fa8b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-resources.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-resources.svg
IP 104.26.6.145:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
vary: Accept-Encoding
etag: W/"6319f841-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1klPez70keGCi0z5U9mJqqs%2Fx7U00%2Bj%2BXpK%2BOQdCWHQ%2B2LSoxnWwO4mzbk%2FfMNwYllajzfiX0OXHyN%2BMzritXABXVG%2BeOlqagZ5CKGdTqPQRmVDg1FXwlUklgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de64592db509-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-iam.intercom.io/messenger/web/ping
99.83.219.81200 OK 0 B URL HTTP/2 api-iam.intercom.io/messenger/web/ping
IP 99.83.219.81:0
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:17 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1662663020
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13330
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: 05d9cad82336b8f9259b87b30e14811c7a641d03
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0002u0mnb3u7fbbs7jng
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"4ed9cde8f4cd33364fd3088668fcc1ed"
x-runtime: 0.316963
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0359a879b27fffa05
X-Firefox-Spdy: h2
my.forms.app/static/js/FormView.7077f.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormView.7077f.js
IP 104.26.6.145:0
GET /static/js/FormView.7077f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-a2e4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c85%2BgSchpNmOP5nJh8tXOelG5QBdQ6FWFoPyciOnUv931lRj1YVFGAZB13nriDf%2BViCoJbwtwpTsql28I%2BmXmbDHAWR9y9vlSSsaKpLEOm17NvkEgTOgz36TOtG3Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e9828b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/apple.svg
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/apple.svg
IP 104.26.6.145:0
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0bC5y9MOuHH%2FbCYcFE1PB5nBuld9uL0OtDbL1Q%2BeXScj%2FJUL8LCNRWAk1v83DIxCdS5dEhCvosITOZK0kOhaSr68HmmwmDv1DrZUzC1owchMLp2Jm8pKypakA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de646945b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/cdn-cgi/rum?
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/cdn-cgi/rum?
IP 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 384
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: text/plain
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7479de6428deb509-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/static/js/mainheader.53158.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/mainheader.53158.js
IP 104.26.6.145:0
GET /static/js/mainheader.53158.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:29 GMT
vary: Accept-Encoding
etag: W/"6315f4cd-1b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L2aFmRTkLCY3q8NSXL2xvvBYzU9%2F6VZieajWqCsah83kWgwL%2BxlqlRdbeHItfTWxm%2F63tJsG3%2BiTsIydlc2KOFXiSnwX3lwuhN87U2lhx2%2FPIyihDU0zbmBZpbfDjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5ea839b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css
IP 104.26.6.145:0
GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-4270"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6i7uAGALP6NlZRc6w1%2BuI7O4uPRXWSGzXgzE3tl%2Fhgcm5IJLm648ZxPAmWeyLESn632%2FFwW3FJAjZdsp7VVnZZ2PeS%2BYIyhq9OQxVCg%2BrKkQyoCydCvLqddPuTCkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e881db509-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/form/62ef4dc42b6a8726fe7f04c9/view
104.26.7.145403 Forbidden 0 B URL HTTP/2 api.forms.app/form/62ef4dc42b6a8726fe7f04c9/view
IP 104.26.7.145:0
GET /form/62ef4dc42b6a8726fe7f04c9/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 403 Forbidden
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1tdm0X8wJqN0kI0%2F%2FwHaxTdBjCs%2FXXXpbgnmd1Yi3M9um8cp03Yem%2BHSarkVbU8FGIsLYBV9AEsV4Fa7lru4eU8jopA3w%2F1Kxr0e4FgoMx7FKPz7XOjt95kjoqFJdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de617c720af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/sheets.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/sheets.png
IP 104.26.6.145:0
GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= sheets.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LsQ1KbkdhKzYG3jvEmQJBudH3aXXb9Dcw6pITzwQMQbhjpef6kiMlJJGbpCYkOsY46bDXwaFscAT1Ufg8IzpJ2PhI8sStMeEafEWQX2xYU%2BmbW6zcdEiuKZ0f83%2Bmkgr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de644918b509-OSL
X-Firefox-Spdy: h2
forms.app/assets/js/login.fb59ba75.js
104.26.6.145200 OK 0 B URL HTTP/2 forms.app/assets/js/login.fb59ba75.js
IP 104.26.6.145:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
vary: Accept-Encoding
etag: W/"6319f872-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mm2UjmqxFuUDNRKJ38855mIoZdp1wWVrH1uEcjlnNr1d3iPNNL4dBGBBaJoNjJCISPCyjW6z4FhmhvYSkoHWKdH8961yT%2FdzyXqkHOLg0V%2BgioXftHrBbG3NTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de647972b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
104.26.6.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
IP 104.26.6.145:0
GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62ef4dc42b6a8726fe7f04c9
Cookie: _gcl_au=1.1.1960450638.1662663006
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:14 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:45 GMT
vary: Accept-Encoding
etag: W/"6315f4dd-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IOsByUXoOOB4lUWfzBICHfUVze35vsxvytyWfzmrI5T%2FKlWHb5HMuWsgX2yaBb8ovupGmWnAMA2q6PyX%2BaZvgHj5gDYsRRkwRqV%2B%2F4hDaGj8pSp2EkvrkgWbQvXndg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de5e881bb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/slack.png
104.26.6.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/slack.png
IP 104.26.6.145:0
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.1960450638.1662663006; _ga_740JKHV4FZ=GS1.1.1662663006.1.0.1662663006.0.0.0; _ga=GA1.1.1900363930.1662663006; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 18:50:15 GMT
content-type: image/png
content-disposition: attachment; filename= slack.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 16:23:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OAa8K43QLCG8kfXtpFTMhpc9Ran72%2BXfGz8CQzFIhkWXdgVj7k6xlPVeSDjymf1DgE9mOnIYBhcfhjdlWypZR%2BIqAW69MaPPSrhh%2BbLPxQZ1CwNlsQWAGAAkube82ZJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7479de644910b509-OSL
X-Firefox-Spdy: h2