my.forms.app/form/62b729dcbd94a175bbb0a072
172.67.72.65301 Moved Permanently 0 B URL HTTP/1.1 my.forms.app/form/62b729dcbd94a175bbb0a072
IP 172.67.72.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /form/62b729dcbd94a175bbb0a072 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Sep 2022 21:53:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Sep 2022 22:53:17 GMT
Location: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LzE7Sh4HHkMiPWC%2FosdUJXNcsTggqA930554t%2Fls4FC3ix6eR32ZrM0RlRsAiZYt%2BArFf2te7Vtug1HLPA7GE5WBupFPlthTWwOw2BGAoBKg9b8oKeSwHwyLVsKTcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7506fde2ec06b500-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 21:15:08 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qin0HD83VpoUKi70_dwbGpugaiwX_moF5rKfeturf5Y_1HxIUiRkhw==
Age: 2289
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2865
Expires: Sun, 25 Sep 2022 22:41:02 GMT
Date: Sun, 25 Sep 2022 21:53:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bj4um3ooyTIbCKr6eeOudxVo7lkPii15lw4aIJiumTvJfsw7XeqZ2w==
age: 62283
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 21:53:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7559d4ebbe2ad94ff80914e879c29d27
9bce0a737b4aed4c6f58f3b32557d8c5fbc0cee7
f8eadbcae394c24100ce9a7ba8faa01a02e7c86b3a392a8c6741fe522675f81f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:17 GMT
Server: ECS (amb/6BB9)
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 25 Sep 2022 21:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 25 Sep 2022 21:14:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: R7cWcXBkl5BlmrPmYmvGmJSp1ZV4zTssCo5ms5AtVBYvIaIV4HW6zA==
Age: 2940
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2982
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:18 GMT
Last-Modified: Sun, 25 Sep 2022 21:03:36 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1db3e1d6bf7a5e2d0c87eab75a6e52fe
b923a169beb9248ea6a5070a04b57bc0aa44799b
f35aafc9c21937ac03d9b711aa18ef518aaaec6d0f9dbcecb42f757a0e70915c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/js/iicon.59ea2.js
104.26.7.145200 OK 80 kB URL HTTP/2 my.forms.app/static/js/iicon.59ea2.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (13470), with no line terminators
Hash b2ec23fdb36199cd177f64ebe118b5b6
adef28862b59a34d29f6b66e5bdf16af2e8dd557
7ad0f3df19be897586dc53e7db5b79497404f813649d3ddc00552338f5f4503c
GET /static/js/iicon.59ea2.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:44 GMT
vary: Accept-Encoding
etag: W/"632ac2cc-349e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCayaIDzYLD1vwmf%2FeY2%2BTCXs%2BKD7IzgqfADoo%2FVFTwdgorwvKWhErb3AJ257bbILbxZmo%2BFs9XEJvN49S%2FoBU%2BgeV9gxih4RWS0%2F2JJPNFfeSopQBDM5tKekPl4zg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d92b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1db3e1d6bf7a5e2d0c87eab75a6e52fe
b923a169beb9248ea6a5070a04b57bc0aa44799b
f35aafc9c21937ac03d9b711aa18ef518aaaec6d0f9dbcecb42f757a0e70915c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.237.239.70101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.239.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8XOvfKugfnrA9fJZ1xDVvQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5LLYIFeL+pfgBx/7HdCZ3En8IfE=
my.forms.app/static/js/runtime~app.4691c.js
104.26.7.145200 OK 9.9 kB URL HTTP/2 my.forms.app/static/js/runtime~app.4691c.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (24538), with no line terminators
Hash 651e6988fa71815ed000092b6358ba71
c0101fdfdcee21f167ad186809ac5cdb979744e9
8587266cd4399fdc8c4476af282e8f44ebf33c14eb6c814b9013e4c0b5afc9af
GET /static/js/runtime~app.4691c.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:23 GMT
vary: Accept-Encoding
etag: W/"632ac2f3-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ha49XKDZ5EiqSPiz0Y16sVXAsRjed8E3OF4wtThJ%2FsHmPe61ML%2BZo0XtEqvDyIgpKk7KLFkpFDPSTccW99Bx1chHH8RukCgYlY2PbMcrNnaqcrWBP0190b7ZTbwLQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde83da4b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css
104.26.7.145200 OK 3.3 kB URL HTTP/2 my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css
IP 104.26.7.145:0
File type ASCII text, with very long lines (17155), with no line terminators
Hash caefc4bd644860426e57502f57e976c1
a839eaa62db2648e776bedd8004f8e5aa5c7ef16
a4557eaa769d41bb92477901c2ab6898242c5a87c16d59a4da6406bea9d2f8e4
GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-4303"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EvL3iWuPiB1gbdgJOPfBHmhLjexBkfpFQBiDzieD7CUnkgPCmIbbb8%2BT8LEl%2BMSYuA3k862M7JAqiFksfQ%2Br%2FqstlWhSuceVVqnget1t%2F9kzc6pYPphiGSyAavKb0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde98ee3b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormView.e36bb.css
104.26.7.145200 OK 2.5 kB URL HTTP/2 my.forms.app/static/css/FormView.e36bb.css
IP 104.26.7.145:0
File type ASCII text, with very long lines (9072), with no line terminators
Hash c8614f143b574a2f0fde601281777569
4a9a6a8537474912d0b73e64c369ee808d9652e7
d008dafebbc24d83149eb1c6bfd4b0cfb6d1c368e8f4b887e33f8a0554a67458
GET /static/css/FormView.e36bb.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
etag: W/"632ac2ea-2370"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3541
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JdAGu32qohqXqagqItycGNyzo4ygscfYsO1UM1nMOhJbvdrtIvfh2sN8XFf8bGzUiC1VVdk00n2D6%2BzlM9l%2BChajdT9InxQWhftEc8hTYOG0JXaRTI6ug7JuBwBn1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde98eefb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/mainheader.5f29b.js
104.26.7.145200 OK 65 kB URL HTTP/2 my.forms.app/static/js/mainheader.5f29b.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (8620), with no line terminators
Hash 46ce068ab34d6fea3f414048c41d2507
a07da7ee1ccf173a93a212d3ef1c1d6e7a16c446
75a7bf90424761b66366006144b459a422b5bf79d6407fd14fc77b7f4812a09d
GET /static/js/mainheader.5f29b.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:17 GMT
vary: Accept-Encoding
etag: W/"632ac2ed-21ac"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xNZWBaZ0UllM2Pb4N0B%2Fw%2BnJ8vdyz7TUT2cmD68qq%2FzA0T9By0ACzGy4K7P3CyV08CWxLU2CYuqZLYS2wyQqF2WY1MoXXK%2BWYz95KV0NBN0mjVuDRDjBcWwIoYr6sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde9af10b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 100313
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api.forms.app/form/62b729dcbd94a175bbb0a072/view
172.67.72.65204 No Content 0 B URL HTTP/2 api.forms.app/form/62b729dcbd94a175bbb0a072/view
IP 172.67.72.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /form/62b729dcbd94a175bbb0a072/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 25 Sep 2022 21:53:18 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFjayX7HYbYbkeAMu1v%2FAV4y%2FudcuCBWGTffF0bu8JHNwsz16tkqrN4a2O6RR3s3TQA6%2BXk34FZiJKoxRnNTfdfjNtybgYjrxiIcwlsFhe5wdGbbG7QuOTiiewUbync%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdeaedc3b4e8-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/css/vendor.88295.css
104.26.7.145200 OK 1.5 kB URL HTTP/2 my.forms.app/static/css/vendor.88295.css
IP 104.26.7.145:0
File type ASCII text, with very long lines (2898), with no line terminators
Hash e2c45bf07e7ed6364d5b60c69f181096
3cd35e54f613f3112be464202be70a8d1f1935b9
d8445f27501868a1ca4b0fde6f6bf480bfb9bd2b26349fde2d455fd887c9b96c
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGRJjD6JkkLZ3%2Bm1V8cVCF%2Fw06abTSEy0DchAf%2BM4UeWVaJgPW0%2Bt5nZ3JcilHgxJ1ZYJCYmLu1wJn5UhwH6uYAscPJrQ4HGyfMkb5qImrdDqU%2Bha5pEW0Dp%2FXsysA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d72b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/img/form-disable.png
104.26.7.145200 OK 9.9 kB URL HTTP/2 my.forms.app/static/img/form-disable.png
IP 104.26.7.145:0
File type PNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data
Hash 284c5d4bb722101d9ce5f925f5c0b9e7
c610bce010897692b228623b36a8da6e78ade7f5
d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650
GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: image/png
content-length: 9896
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
etag: "632ac2d3-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0ThR1hCZfboJwftLbfZoIbCZS28wqyvbyjAO%2FtvTozfSUwN8l9w%2Bz8HcVKWJaErtEcUNo49gEqhR62kcvJzD2DWaXt5RrzFQ6QxbkKJuFbQQoxwzvvjYvzDUkoZsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdec89eeb4ff-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/formsapp-logo-white.png
104.26.7.145200 OK 1.9 kB URL HTTP/2 forms.app/assets/img/formsapp-logo-white.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8edd3c97094fa7a2e082915e5704a9bf
a33b8b4cfa61188431fd90374e857346277f1590
34484856915ff1c164ffb80718c46a3fd1314e6c7484b1cc2918223d65590ca9
GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
content-length: 1902
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5999
content-disposition: inline; filename="formsapp-logo-white.webp"
vary: Accept
etag: "632d9889-176f"
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e2nQoZmXWm5967GgMHHKa3OfeoySG6kQFF6e7%2FwusU0dxmAG3fTGSopjrNQLi3pBOZxeMvDzJJRQDvwtJmZzcJLSbRfbaiu%2BNLJvyYJMCWadcufGzCr2yZ9oow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee0b39b4ff-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/form-builder-blank.png
104.26.7.145200 OK 34 B URL HTTP/2 forms.app/assets/img/form-builder-blank.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cda661faf5e60e281e5f56067e7909db
324a0323af79f3142387d4761198f9ace2d78b3d
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
content-length: 34
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=149
content-disposition: inline; filename="form-builder-blank.webp"
vary: Accept
etag: "632d991d-95"
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cs2mjkcZ1xwE%2FfMccupPn5YhqKuojGQuoRiWCX5d%2BraSPbQTX6423ph%2BB3KgQFEg9zguSYoqKb7uIzr0k9GIQYxcmLNma591zoKBic33dtRzaSDmfoDp5zBH3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee2b78b4ff-OSL
X-Firefox-Spdy: h2
my.forms.app/cdn-cgi/rum?
104.26.7.145200 OK 19 kB URL HTTP/2 my.forms.app/cdn-cgi/rum?
IP 104.26.7.145:0
Hash 44101f3feb92e68fd58800a47f22d5d4
ca602fd2222ed1487166a08776556fab1aba2e29
5d4bc86f1fa5503c538dbad9094a585116e4e1614d3a4a4349dcbfb198b82bec
POST /cdn-cgi/rum? HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 384
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: text/plain
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7506fdeddb14b4ff-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
forms.app/static/icons/apple-touch-icon.png?v=1
104.26.7.145200 OK 2.7 kB URL HTTP/2 forms.app/static/icons/apple-touch-icon.png?v=1
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cb786563c2eef055649de3d77457360c
b05739e2784fbc04431d913192bde24b4f4d2b64
31e7a128d20d057dfa1ecc2b866c094f944cf03846615c716e432c7641cd2bb6
GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
content-length: 2688
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5681
content-disposition: inline; filename="apple-touch-icon.webp"
vary: Accept
etag: "632ac2d9-1631"
last-modified: Wed, 21 Sep 2022 07:52:57 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6556
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WobeRAf4AWSksg%2F2wEGOegnSb6t%2BWRHc%2FKZ%2BZsaTj8A6WJgd2dH%2FEOezDijAf5jnF2DEkk4tDkJJp0Y8A1%2BOggFtsJHd7pdn4gNx7hoqJVyaNR3wXdymFWX8Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdef2c73b4ff-OSL
X-Firefox-Spdy: h2
forms.app/static/icons/favicon-16x16.png?v=1
104.26.7.145200 OK 336 B URL HTTP/2 forms.app/static/icons/favicon-16x16.png?v=1
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash daf2b94f00301f3f32d988b63290fef3
14242ca4977ec997a5d3d7e779186697e41a5c59
fd0abd01ba09e6eb0128a9f674b62173daca5a341a2a30883f60c9211d50d4b8
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
content-length: 336
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=916
content-disposition: inline; filename="favicon-16x16.webp"
vary: Accept
etag: "632ac2f0-394"
last-modified: Wed, 21 Sep 2022 07:53:20 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 5279
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gb2ALdLBNQEDWILnct3u%2FBNQOKkT8TFBUPytgr%2BlHDCQtU1uvrnAqVGhIY97AtIFlmxDelpu3bYE1CbKyGfx72RX5yBhu2sGnRX8XJuGebk1B84nVxJAFRHww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdef2c79b4ff-OSL
X-Firefox-Spdy: h2
certify-js.alexametrics.com/atrk.js
143.204.55.91200 OK 4.3 kB URL HTTP/1.1 certify-js.alexametrics.com/atrk.js
IP 143.204.55.91:0
File type ASCII text, with very long lines (4255), with no line terminators
Hash d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hy2VxeP94-C1RkKQ66fDcHpE67RaJji2LJ3VoOopX1KHBdmH_it9jQ==
Age: 3779476
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=51856
date: Sun, 25 Sep 2022 21:53:19 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9816a34aa982a32c75960dea9eafeb8b
c7e109045ac10b4a16db658cab522d76260ad913
35e739f34c5de6ef430dd444b8a4dfff2fada8de37f67d460a43ab9e0697032c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oe9l0&_p=1492113339&cid=907535088.1664142797&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664142797&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F62b729dcbd94a175bbb0a072&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oe9l0&_p=1492113339&cid=907535088.1664142797&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664142797&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F62b729dcbd94a175bbb0a072&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-740JKHV4FZ>m=2oe9l0&_p=1492113339&cid=907535088.1664142797&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664142797&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F62b729dcbd94a175bbb0a072&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://my.forms.app
date: Sun, 25 Sep 2022 21:53:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4474bfba80fa3257384d1c908e1353bf
9a2869a3888743d575e6f87d2a7479d5d97fa123
63378e949c0ea9564e7660ea0522ce7a59727a0a5232b81b77f8525899f67a2b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.app/assets/img/phishing.png
104.26.7.145200 OK 16 kB URL HTTP/2 forms.app/assets/img/phishing.png
IP 104.26.7.145:0
File type PNG image data, 647 x 173, 8-bit/color RGBA, non-interlaced\012- data
Hash 6dc4d5bf6c0edf6c5580179a95f9ba45
e569728801513f3177f2c92eddf0f22578f68760
3f462262606da182df7b8e840e32bcb1c1547596df43a691a5e33c72c7c54c09
GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797; __asc=7646083918376a3eb73591e34eb; __auc=7646083918376a3eb73591e34eb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/png
content-length: 16006
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-3e86"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoPamr9dWhSpYp%2ByIKXqFUeNy1vWEHVGi9trFI%2FHMA92%2F0D6hAcyI5dEN%2B90ma6HZuLVc2aZJun0K55fyG7tZQ1PM9MFoveZ1QnIASScy267u2VDZBaNgmZn6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdefcd25b4ff-OSL
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 25 Sep 2022 21:53:19 GMT
expires: Sun, 25 Sep 2022 21:53:19 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664142797684&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=14933696045&sess_cookie=7646083918376a3eb73591e34eb&sess_cookie_flag=1&user_cookie=7646083918376a3eb73591e34eb&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
54.230.111.32200 OK 43 B URL HTTP/1.1 certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664142797684&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=14933696045&sess_cookie=7646083918376a3eb73591e34eb&sess_cookie_flag=1&user_cookie=7646083918376a3eb73591e34eb&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP 54.230.111.32:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664142797684&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=14933696045&sess_cookie=7646083918376a3eb73591e34eb&sess_cookie_flag=1&user_cookie=7646083918376a3eb73591e34eb&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 25 Sep 2022 02:09:43 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jGcJ55AcHR-ftkULPCKGOVkTF8Ms7qF-WkLNtLepMOieEv6bADJ-xw==
Age: 71017
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 295378998d8c9b8331ba999d05005e60
1e1836a0226bfca04b94c8cdf9bedb9b2837c220
eff125c19507fbe1b89654ec55a9f67bac7740257fbcf91cf5b0a601db51d950
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2600
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:19 GMT
Last-Modified: Sun, 25 Sep 2022 21:10:00 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 20:41:09 GMT
expires: Sun, 25 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 4330
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=1D747FBE1ED663D610916D941F2362F6; domain=.bing.com; expires=Fri, 20-Oct-2023 21:53:19 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D0D08A1997984144B1871D34817DDC9D Ref B: OSL30EDGE0222 Ref C: 2022-09-25T21:53:19Z
date: Sun, 25 Sep 2022 21:53:18 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: zqB9+ObKdxMM4NG+XN02G/abxebvs3CCrpGENlPvjK7VNLeJvht6VFK/mSUo58JpgrMUnoWcxpFwo3G3yuNVWA==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 21:53:19 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14330
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 21:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14330
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 21:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14330
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 21:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14330
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 21:53:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rN_8rm10Pxb0AUKW6ECfNulcYxBaS7FgGD15gT14dX-FlsGJfqahxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:35 GMT
age: 944
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 295378998d8c9b8331ba999d05005e60
1e1836a0226bfca04b94c8cdf9bedb9b2837c220
eff125c19507fbe1b89654ec55a9f67bac7740257fbcf91cf5b0a601db51d950
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2600
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:19 GMT
Last-Modified: Sun, 25 Sep 2022 21:10:00 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d59e1bbd58ff8c5fe5faecb58149601
ad7f5ed3a5f6923a0b1bb093bbc0f31a44fd0bcd
c16a2adaeaabbe45801ab5d12ceaeab587b525b4959933f53a9c8dcdb12aec68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7757
x-amzn-requestid: 3092c81c-f703-403a-b718-e18f035f9464
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJQFUWIAMF7Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-565f665c7e34294079703141;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hc0cpj1kMbAQqcM0ooSgEdS8nPP0m4FJD1bHdY7jN2OENNsJF_gluA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 07:22:33 GMT
age: 52246
etag: "ad7f5ed3a5f6923a0b1bb093bbc0f31a44fd0bcd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd09db434-67f2-44ab-86f2-081df7e6af92.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd09db434-67f2-44ab-86f2-081df7e6af92.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57b0e3ac4e16f6dc66a26a4389761d0a
e2e1b87dc1e205d437648f89cd6d0ad21019d662
1e2cd2c842e3aea339ba0c18267af45fd110e70d6e86ad1dab7b65b007afcc16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd09db434-67f2-44ab-86f2-081df7e6af92.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8208
x-amzn-requestid: 0fd39a74-3b99-41d6-ba1c-87cb53d8a03b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shFFwQoAMFfvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-5774d24f791810730183da18;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uw91DMwK1-wj--1oyB5ejjezK_nufSQir_-DnDuSEFc6r7vXS91WZg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:33 GMT
age: 85906
etag: "e2e1b87dc1e205d437648f89cd6d0ad21019d662"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664142797694%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQIgZetSW96t8gAAAYN2o_NbD-W0LKKeLJXDPXdNsFt1tGAQzPBvHgHtTRggAO0d3zf6ZSMyaI1zew; Max-Age=2592000; Expires=Tue, 25 Oct 2022 21:53:19 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIOR0qFMIx-IwAAAYN2o_NbAO3OJfM5unV9L1_ENnepkCAytvysul_jEqXT-X9LgSxXokNSdH7jM_shzE7Jog; Max-Age=2592000; Expires=Tue, 25 Oct 2022 21:53:19 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&b66107f9-2211-4889-81ff-cc2ceb2417c5"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 25-Sep-2023 21:53:19 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2395:u=1:x=1:i=1664142799:t=1664229199:v=2:sig=AQFm9J4uP529aDKmAU_0T9SGvb87Sogk"; Expires=Mon, 26 Sep 2022 21:53:19 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXph3BudIZy/i6XE2Eizw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9A830D808C484F64ACF0B4ACC25AF3DB Ref B: OSL30EDGE0514 Ref C: 2022-09-25T21:53:19Z
date: Sun, 25 Sep 2022 21:53:18 GMT
content-length: 0
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:57:02 GMT
age: 86177
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dfdacc8edea3c24dad020d7e9c11b3f4
2b6e37596e88b62f288dc8e8c937fd904fae28d5
338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:07 GMT
age: 972
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff440191a-84ee-43b5-bafa-0bb36c962f39.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff440191a-84ee-43b5-bafa-0bb36c962f39.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b156552f4d76fd964b279ebcf8cd1f8e
6a02487368bbe41b87feeef1f70f7320392d72a3
ceddf1a515c64d0071a4d90c26de60a27ee2bf2af341bf1572fb05743d2cc644
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff440191a-84ee-43b5-bafa-0bb36c962f39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5293
x-amzn-requestid: a35423bc-9112-48da-85e0-93ac41794d29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PkGehoAMF1pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-450fad077885fae416572443;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IAon_ZYxu87A9OB775Q1unI4sdLHdE-Ij9QNYaB2mqftP0IoAsgnvQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:39:26 GMT
age: 833
etag: "6a02487368bbe41b87feeef1f70f7320392d72a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash c9184176dc8ee17dde36e56793d6c712
dc24f988348d560a0e8cc839e1a5dd3e5c58d1bd
6eab0e6e1beb6f67a28f418973097f2ad0fab0077bff674b0dbdc3f4c01746cf
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 21:53:19 GMT
Last-Modified: Sun, 25 Sep 2022 21:10:17 GMT
Server: ECS (nyb/1D2A)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Vm1vMT4UVC6J4tzjhVv0nMRngWRP-2bXkihUVTgRpU8LdnLZDvBo_Q==
Age: 2582
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1d095ec6a56142cb2084481b06881ef4
82ff236023008fbfb871aaa7c1e976e0cf15e91a
791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=c618c7f2-3d5f-4d5e-a1fa-33bcb1ad98d8&sid=76e99b803d1c11eda03d4700bd947ec1&vid=76e9c3a03d1c11eda5ec87027cdcb185&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=447&pt=1664142797182,,,,,0,0,0,0,0,0,35,222,222,226,436,446,447,,,&pn=0,0&evt=pageLoad&sv=1&rn=442776
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=c618c7f2-3d5f-4d5e-a1fa-33bcb1ad98d8&sid=76e99b803d1c11eda03d4700bd947ec1&vid=76e9c3a03d1c11eda5ec87027cdcb185&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=447&pt=1664142797182,,,,,0,0,0,0,0,0,35,222,222,226,436,446,447,,,&pn=0,0&evt=pageLoad&sv=1&rn=442776
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=c618c7f2-3d5f-4d5e-a1fa-33bcb1ad98d8&sid=76e99b803d1c11eda03d4700bd947ec1&vid=76e9c3a03d1c11eda5ec87027cdcb185&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=447&pt=1664142797182,,,,,0,0,0,0,0,0,35,222,222,226,436,446,447,,,&pn=0,0&evt=pageLoad&sv=1&rn=442776 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=24C3CF7F545765A131A8DD5555A26438; domain=.bing.com; expires=Fri, 20-Oct-2023 21:53:19 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C70EB923131D4C1C956942CD0011A0F3 Ref B: OSL30EDGE0222 Ref C: 2022-09-25T21:53:19Z
date: Sun, 25 Sep 2022 21:53:19 GMT
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664142798068&cv=9&fst=1664142798068&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1093087000.1664142797&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664142798068&cv=9&fst=1664142798068&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1093087000.1664142797&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2304), with no line terminators
Hash 53c22c3ede18c04779b01dfcdb531934
d6c3b2f745f05f402a7379063976392379f1909c
e2371503bf195fff76eaf3d85c3f6b50f6572e8225feeb9bfc373b210052fec2
GET /pagead/viewthroughconversion/587928374/?random=1664142798068&cv=9&fst=1664142798068&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1093087000.1664142797&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 21:53:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1037
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Sep-2022 22:08:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=907535088.1664142797&jid=52001417&gjid=1954205902&_gid=624651242.1664142798&_u=aCDAgEAjAAAAAE~&z=384120175
64.233.162.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=907535088.1664142797&jid=52001417&gjid=1954205902&_gid=624651242.1664142798&_u=aCDAgEAjAAAAAE~&z=384120175
IP 64.233.162.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=907535088.1664142797&jid=52001417&gjid=1954205902&_gid=624651242.1664142798&_u=aCDAgEAjAAAAAE~&z=384120175 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 25 Sep 2022 21:53:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1d095ec6a56142cb2084481b06881ef4
82ff236023008fbfb871aaa7c1e976e0cf15e91a
791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/137024713.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137024713.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=085DC5AA65E565853417D78064106444; domain=.bing.com; expires=Fri, 20-Oct-2023 21:53:19 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C1C2029B570140BF9EBF4DB73A84AC33 Ref B: OSL30EDGE0222 Ref C: 2022-09-25T21:53:19Z
date: Sun, 25 Sep 2022 21:53:19 GMT
X-Firefox-Spdy: h2
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
35.85.83.51204 No Content 0 B URL HTTP/2 redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP 35.85.83.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Sep 2022 21:53:19 GMT
server: Server
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664142797694%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664142797694%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664142797694%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&83a1a5d7-05ff-464e-8984-2db1669ddd62"; Domain=.linkedin.com; Expires=Mon, 25-Sep-2023 21:53:19 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202209252153199f396d55-13c1-4e45-8c89-635396d0d146AQG8alnx6hfO6pnEDorYxpZJk-3Shvvo"; Domain=.www.linkedin.com; Expires=Mon, 25-Sep-2023 21:53:19 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjQxNDI3OTk7MjswMjHetVKVYA2Y8tCu++DUCEYbHrCI0XtTTmbFhSpZW8Q5EA==; Domain=.linkedin.com; Expires=Fri, 24 Mar 2023 21:53:19 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2392:u=1:x=1:i=1664142799:t=1664229199:v=2:sig=AQFYKJpI-_pYvGq_dxVN95UdkrRQ7xg1"; Expires=Mon, 26 Sep 2022 21:53:19 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXph3ByXETW0uZ8lBReIA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8DC9BCC7FFE541528B0BD76CDDDC92C7 Ref B: OSL30EDGE0514 Ref C: 2022-09-25T21:53:19Z
date: Sun, 25 Sep 2022 21:53:19 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/587928374/?random=1664142798068&cv=9&fst=1664139600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=1169588814&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/587928374/?random=1664142798068&cv=9&fst=1664139600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=1169588814&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1664142798068&cv=9&fst=1664139600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=1169588814&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 21:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=907535088.1664142797&jid=52001417&_u=aCDAgEAjAAAAAE~&z=1762033543
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=907535088.1664142797&jid=52001417&_u=aCDAgEAjAAAAAE~&z=1762033543
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=907535088.1664142797&jid=52001417&_u=aCDAgEAjAAAAAE~&z=1762033543 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 21:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1664142797694&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&a5ead4fd-5222-4c7c-84d2-cf11c562ff50"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 25-Sep-2023 21:53:20 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664142800:t=1664229200:v=2:sig=AQE-N5tEwt494JUXwfDUDU-xyqplJXGn"; Expires=Mon, 26 Sep 2022 21:53:20 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph3B1PSQxBgQP5UXFAg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 752982B2E042431590318A0267E4845B Ref B: OSL30EDGE0514 Ref C: 2022-09-25T21:53:20Z
date: Sun, 25 Sep 2022 21:53:19 GMT
content-length: 0
X-Firefox-Spdy: h2
widget.intercom.io/widget/tt7hkkgs
54.230.111.95302 Found 0 B URL HTTP/2 widget.intercom.io/widget/tt7hkkgs
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 20 Sep 2022 08:31:36 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7LkW_dbQnUQrpjlqqLBZ3OTDF21OaAMFcNZc3tEX4mF0Tazi_xKjww==
age: 480105
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664142798730&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664142798728.1671649515&it=1664142798185&coo=false&tm=1&exp=b3&rqm=GET
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664142798730&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664142798728.1671649515&it=1664142798185&coo=false&tm=1&exp=b3&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664142798730&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664142798728.1671649515&it=1664142798185&coo=false&tm=1&exp=b3&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sun, 25 Sep 2022 21:53:20 GMT
X-Firefox-Spdy: h2
js.intercomcdn.com/shim.latest.js
54.230.111.118200 OK 6.2 kB URL HTTP/2 js.intercomcdn.com/shim.latest.js
IP 54.230.111.118:0
File type Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Hash 78e5fa5780a095f31cd5ad256609db60
bc268b805d2bdd61437de79b38de1c27d16060bd
dbf5cace47334b0e3b1972da94b7a1d4a64e3c517ee3699c3bcf9a88a75e9d9c
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6170
last-modified: Fri, 23 Sep 2022 14:33:24 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: dohpLQMJATrJhKVWci90uJsHoPft_NB6
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 21:51:07 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "78e5fa5780a095f31cd5ad256609db60"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TcLnP8n1Vj59Butx7wzGFOi0OPrBO16m_TWDhDu7pQfn5mjyTm6yoA==
age: 134
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.d3f71718.js
54.230.111.118200 OK 130 kB URL HTTP/2 js.intercomcdn.com/frame.d3f71718.js
IP 54.230.111.118:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 130 kB (129676 bytes)
Hash b9494458865666162b3a68d85fc9daa7
8e007cacbb8b9510edf2d4e4f46868bc7abdd7e0
82c3cdb5c762cdaaed36cfd9c946c9fc7012f284a5d42bbd351547fc7d71cbe1
GET /frame.d3f71718.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 129676
last-modified: Fri, 23 Sep 2022 14:31:56 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: jEj7i7pT6cAf82x31Uac6hrRy4xnf5kB
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 20:33:30 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "b9494458865666162b3a68d85fc9daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HDCeFn3wHmENkIIHjZ-X27tGMvHf-YfgW0FfnKvjMwA5bIk_KXCL2A==
age: 4791
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 59c84ea1e13af944fd53e6acfdc55b02
fd03214680da68b2a88048c712674b0e0d2a5a41
3c6c62e401d16ed69f8de86f5610d4e58c0ebd10d1439c884cc1a5edd6d599a5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4784
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 21:53:20 GMT
Last-Modified: Sun, 25 Sep 2022 20:33:36 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 77 B URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 21:53:20 GMT
via: 1.1 varnish
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 154
x-timer: S1664142800.448957,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
forms.app/assets/img/formsapp-logo.png
104.26.7.145200 OK 2.9 kB URL HTTP/2 forms.app/assets/img/formsapp-logo.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 59766a971f90101d029ff73f0478a40e
131f63ef0a1d7cb350bddbae1a024fd3f6ec5489
6da09df32ca888e63b7c58d507cb1d717850be72fd4ba9b10dd26a7c478fc10a
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.1.1664142797.0.0.0; _ga=GA1.2.907535088.1664142797; __asc=7646083918376a3eb73591e34eb; __auc=7646083918376a3eb73591e34eb; _gid=GA1.2.624651242.1664142798; _uetsid=76e99b803d1c11eda03d4700bd947ec1; _uetvid=76e9c3a03d1c11eda5ec87027cdcb185; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664142798728.1671649515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:20 GMT
content-type: image/webp
content-length: 2852
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=3548
content-disposition: inline; filename="formsapp-logo.webp"
vary: Accept
etag: "632d9857-ddc"
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Og1NoOtxYN25XdfywK3GW%2BIhHcX9p8GgpmfzTXSzHtTU8GkLktXluliQrVV05HnXoNoGxhmRCWfcds99SnsqNAwyRT1RspodPAg4PmdCZFsSfSndA4ChMQGZUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdf70c62b4ff-OSL
X-Firefox-Spdy: h2
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2082&ck=1&ref=https://forms.app/phishing
185.221.85.3200 OK 24 B URL HTTP/1.1 bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2082&ck=1&ref=https://forms.app/phishing
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2082&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 435
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 21:53:20 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 7506fdf95a270d4e-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jKNq%2FpjTs8vsjZKTyQzZWPDLDY4nz3MZ%2BaOR99cLjief6NUBfkvxkPRtK5WyF5xmNjaoDmc8DvxjWVoWQ%2BGMgUaXUg1oKQ1iEBem%2BuPcMxHDLh3bUJbxAJ63VzoRRn35oxs%2Bhw7i"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
forms.app/assets/img/huawei-app.png
104.26.7.145200 OK 7.4 kB URL HTTP/2 forms.app/assets/img/huawei-app.png
IP 104.26.7.145:0
File type PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 86c2e696aa2528b2cb3589897ba4bfb7
598e89de6512720a92e4e94a538e2eb64d746229
eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6
GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.1.1664142797.0.0.0; _ga=GA1.2.907535088.1664142797; __asc=7646083918376a3eb73591e34eb; __auc=7646083918376a3eb73591e34eb; _gid=GA1.2.624651242.1664142798; _uetsid=76e99b803d1c11eda03d4700bd947ec1; _uetvid=76e9c3a03d1c11eda5ec87027cdcb185; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664142798728.1671649515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:20 GMT
content-type: image/png
content-length: 7360
last-modified: Fri, 23 Sep 2022 11:30:53 GMT
etag: "632d98ed-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qkzp8k%2F9wq7wYZZ9k0rThy5c3Vgdfpi7TJman7pb6Gp5YywT9WRZEXxNDmMdNsJK9%2FcIfBBmlrNkJc%2FHvySRsf4tvdoYiil8nObW6Y%2BfvoT%2F3ESfj70IineDvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdf8de1db4ff-OSL
X-Firefox-Spdy: h2
js.intercomcdn.com/vendor.58bf4134.js
54.230.111.118200 OK 7.6 kB URL HTTP/2 js.intercomcdn.com/vendor.58bf4134.js
IP 54.230.111.118:0
Hash b30b4bd0775acd1e172ed059d1151d4d
70d96852cfae2fdc113342e3bf46cc4ebe706815
cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b
GET /vendor.58bf4134.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103175
last-modified: Thu, 22 Sep 2022 09:02:20 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: eos8xj9gnlmhlNfXzSYn.0lvA6_CiGy2
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 21:03:41 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "c5c7554fee6470af01ca223ef9648618"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: c6lhl6w2muNdjEultTOS_Ywi47lMb7Tdrix13uDY8BAFB-ItuEia3w==
age: 2979
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
forms.app/assets/img/app-store-logo.png
104.26.7.145200 OK 7.6 kB URL HTTP/2 forms.app/assets/img/app-store-logo.png
IP 104.26.7.145:0
File type PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 02b87ac5a0d67d23008ed83695705c23
1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5
a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736
GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.1.1664142797.0.0.0; _ga=GA1.2.907535088.1664142797; __asc=7646083918376a3eb73591e34eb; __auc=7646083918376a3eb73591e34eb; _gid=GA1.2.624651242.1664142798; _uetsid=76e99b803d1c11eda03d4700bd947ec1; _uetvid=76e9c3a03d1c11eda5ec87027cdcb185; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664142798728.1671649515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:21 GMT
content-type: image/png
content-length: 7634
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
etag: "632d9889-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMtb%2B3zwDsobk%2F%2FQ423Vl51D0sNubQqiJKXLbOxuj2pkUU5BKI4G1MGVYXLwZ0ThArIkZeqehXHZEqy6kR1GfM44cG7hP9jNAU%2F9vFRqVsHnynWvrr8bw6kJcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdf9aec2b4ff-OSL
X-Firefox-Spdy: h2
nexus-websocket-a.intercom.io/pubsub/5-ZLsoMECjD8X_AP9xU_PU-SM6dH3k5pxODSS5Yuco0A9aKK9UBunjpZZgcxpYgpkEctaQwynWfAYVH4zZMV8miKEUlHl2JcEf-uta?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
35.174.127.31101 Switching Protocols 0 B URL HTTP/1.1 nexus-websocket-a.intercom.io/pubsub/5-ZLsoMECjD8X_AP9xU_PU-SM6dH3k5pxODSS5Yuco0A9aKK9UBunjpZZgcxpYgpkEctaQwynWfAYVH4zZMV8miKEUlHl2JcEf-uta?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP 35.174.127.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pubsub/5-ZLsoMECjD8X_AP9xU_PU-SM6dH3k5pxODSS5Yuco0A9aKK9UBunjpZZgcxpYgpkEctaQwynWfAYVH4zZMV8miKEUlHl2JcEf-uta?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ptNNVnMV13+kov3JV9XC1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sun, 25 Sep 2022 21:53:21 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kfRgkVmy+cWUVybeRL4juG4U56E=
my.forms.app/static/css/asyncstyles.4869d.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/asyncstyles.4869d.css
IP 104.26.7.145:0
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:22 GMT
vary: Accept-Encoding
etag: W/"632ac2f2-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dtBZIRiHB5Y39tt2bB2kk%2FuGYJ9e8d43xl8BRKl%2F%2BLAsn1R54Nx0gAj0d%2BicbQidzwekjgMPKkYfYzCuvhA0vRAxXolwlJbXJHlZHIQF%2FCWIvJ9OK6I3TjGofH%2FL3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d77b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/user/gettimezonefromutc
172.67.72.65200 OK 0 B URL HTTP/2 api.forms.app/user/gettimezonefromutc
IP 172.67.72.65:0
POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFqJVfztGFqWQ0DRdrD7Q8tbFwzDEH98l76JzhBN2JeexSsomgE93B%2BZs9MdOWGXg1QpQKyjZ9GQvemvtkDU5b19s1rXIJVYPXVX%2BDp3ffJaAzdc43%2B%2FKLYACZUbthE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdeaddc0b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/sheets.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/sheets.png
IP 104.26.7.145:0
GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6381
content-disposition: inline; filename="sheets.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cvwbV%2B%2F3FyY93K1CbV%2BBG5xuoLW1bOQVUDeJ4CPF7sQienahmk1jly7gIV4TwYVDBkaw0oOq%2Bb37TpaeRY4jVOJvYb4619tppqgh2gUTh%2B3GdncxJ9wwF5xhK5YpENR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee0b4db4ff-OSL
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7506fde85e090b06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
file.forms.app/sitefile/excel%20copy.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/excel%20copy.png
IP 104.26.7.145:0
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6706
content-disposition: inline; filename="excel%20copy.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6x8P4Ia2N5EopUHcJe44LVzhMqNWrrWv6bUsmgQ%2FSnqlWYJdyRJ7iai%2F6BIPdURPRJduQ30EGklaUpoXTkDmlM91ZE1GiwzUusJXAvz4z%2F5aYgwVXvTrrZmiXUO3q7e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee1b57b4ff-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/WhatsApp.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/WhatsApp.png
IP 104.26.7.145:0
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6737
content-disposition: inline; filename="WhatsApp.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qOLucaz%2BvHU%2BFjto1kEPVzJxhSJTXanvZBB5wOUfBqUlnJTX7MiPntAnZReJrCrkYG5bvX0bjm6NxKMmYaxuADXMvXUcWUPdQsgbzOuBTVejQiYq6sJyyqpPTetgEOiF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee1b56b4ff-OSL
X-Firefox-Spdy: h2
forms.app/phishing
104.26.7.145200 OK 0 B IP 104.26.7.145:0
Analyzer Verdict Alert fortinet Phishing
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 11:27:17 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VafUibvgb4O3lNu%2FQVtFGJWLjgUjeRpQh8h8ix29yWRnR82CeXdmIAS9%2BmSoZaU%2FBvjmi7ScH1Pq4yJC91Gk6hFAgbN%2BTjqmjGFB0sPNWM02IZWbfAuI1Yn2hA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdec79e5b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/hubspot-crm.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/hubspot-crm.png
IP 104.26.7.145:0
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=9843
content-disposition: inline; filename="hubspot-crm.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ho6sNn5Mra6qZDtC5D7NK8y9CwprpL5e0EJboY67nhekYbz7Wa7cEji6mktGc3fqCTqxokNu8Op0IiHt7JEwjAFDVlCqJwbgGYD54ZTjPFKS33woKFklwyLzUyZDqPOR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee0b4cb4ff-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Notion.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Notion.png
IP 104.26.7.145:0
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2900
content-disposition: inline; filename="Notion.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0UraKFKjpGiRS56DS8TnX4iBlLUD703l11%2F%2Bx5fZWXBvxx3Tixu1pOObv6IcjdIWg5uMadDaEpfCP0u3Iux3d%2BZRlgBvuacz7lnIUGBM9atIP3KcV38fGYUFIhCXLl5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee1b5db4ff-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/help-resources.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/help-resources.svg
IP 104.26.7.145:0
GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
vary: Accept-Encoding
etag: W/"632d9857-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8olGRPGiwyGgo9PS6NEr%2FPsAScn7Wvj2B7C9cRVnqVClGv1rVCu7wbmz3hvoy13Wq%2BgmmIPSxY1EpnrN8op6taqjEZGaPrnFvp60phWNtos2sm9K2BLbAQ6%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee2b75b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vuelazyload.45220.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vuelazyload.45220.js
IP 104.26.7.145:0
GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:43 GMT
vary: Accept-Encoding
etag: W/"632ac2cb-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hoErTxL7QTugpIjZLHmmDY73HEo0pmjYLcj%2FN%2ByhIKZwAUCQV%2B%2FN0dRPNSu%2BUJXRj4qkMx0uinHxMXbHQdm4sBvvS13qU2TVluJkMoP6mE%2Busx9wBoZwt2USOwcV9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde96ea9b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/icons.df638.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/icons.df638.js
IP 104.26.7.145:0
GET /static/js/icons.df638.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:00 GMT
vary: Accept-Encoding
etag: W/"632ac2dc-3b710"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDBwypmJxVkeqxOIXg%2BVgWWe0LSOCHj29Cvahz3yyDR7iil44Me5KCF2ZD%2FnSQAjKv7sP%2BSal576R1AeUw9MLEBlnLiLYqVyFDCovwXZwPDt7K4E5ITeN1Ul8a8MFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdecaa06b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
104.26.7.145200 OK 0 B IP 104.26.7.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiYTdlZmY4NWE2YzU1N2ZkYiIsInRyIjoiNWQ5NDZmMTE2ODViNDI5NzYzYzE0OTU5NmU0ZWQzM2IiLCJ0aSI6MTY2NDE0Mjc5ODc0NX19
traceparent: 00-5d946f11685b429763c149596e4ed33b-a7eff85a6c557fdb-01
tracestate: 2885732@nr=0-1-2885732-286479549-a7eff85a6c557fdb----1664142798745
content-type: application/json
Content-Length: 16294
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.1.1664142797.0.0.0; _ga=GA1.2.907535088.1664142797; __asc=7646083918376a3eb73591e34eb; __auc=7646083918376a3eb73591e34eb; _gid=GA1.2.624651242.1664142798; _uetsid=76e99b803d1c11eda03d4700bd947ec1; _uetvid=76e9c3a03d1c11eda5ec87027cdcb185; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664142798728.1671649515
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:20 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7506fdf62b76b4ff-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/form/62b729dcbd94a175bbb0a072
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/form/62b729dcbd94a175bbb0a072
IP 104.26.7.145:0
Analyzer Verdict Alert fortinet Phishing
GET /form/62b729dcbd94a175bbb0a072 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:17 GMT
content-type: text/html
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHEKPWazF5vrOZYFFgDxX8L6kRkRTKJkS8m1v1Dv7xlDW7J1UJu7Z5v3q6zFeea2duGpQCThZrjynynkJKNBqs%2F6m2tQf%2BjL7psgUlWhARFmyQpUhrYCZPrWoWFUSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde65bd7b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/slack.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/slack.png
IP 104.26.7.145:0
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6402
content-disposition: inline; filename="slack.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NYvQrcGHJ7bi4bYRv2ODZLWG%2BC3iGjxXm2LlEdxpxmaSrHR0qifnx41gUBbMJCj7bZ4myHe7DFokoDOeitJR8ewnEFwhFbMlA9%2FwHn3hmIR8yuH8U0wYYJVhEU3QpSMO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee0b4bb4ff-OSL
X-Firefox-Spdy: h2
api-iam.intercom.io/messenger/web/ping
3.228.200.107200 OK 0 B URL HTTP/2 api-iam.intercom.io/messenger/web/ping
IP 3.228.200.107:0
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:21 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1664142810
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: 6bfa21029297348698a2db16e38de5daa3cceae4
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 002sskpvrt12dbnm5u60
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"c7bf2afeb08197034816d5c7ac7a379f"
x-runtime: 0.268802
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0e4eed92dc7cf8528
X-Firefox-Spdy: h2
accounts.google.com/gsi/client
216.58.207.237200 OK 0 B URL HTTP/2 accounts.google.com/gsi/client
IP 216.58.207.237:0
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Sun, 25 Sep 2022 21:53:19 GMT
date: Sun, 25 Sep 2022 21:53:19 GMT
cache-control: private, max-age=1800
content-security-policy: script-src 'nonce-7LIj99whKwihMjzi5oikkA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.forms.app/static/js/vendor.523c4.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendor.523c4.js
IP 104.26.7.145:0
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:09 GMT
vary: Accept-Encoding
etag: W/"632ac2e5-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3UUii2VEpMYfW02nqSSF3lQ2p48t2FSesabEAkwWmEU5RaLpZ18CB9HmSk8VwseQ252tAubWtqVdHjIh%2BlO9v2lpB3M6a00m9Hhi%2F6%2BP5nO2LhQLN9cXbmHLz7qFWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d98b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.d4928.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.d4928.js
IP 104.26.7.145:0
GET /static/js/FormBuilder~FormDesign~FormView~LocalForm.d4928.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:04 GMT
vary: Accept-Encoding
etag: W/"632ac2e0-d5c9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toUNENtoRXqwFZOh0OzE5dNRcMJ66g8Z8qrJimO5B0JCnTkImH19%2F33hGOLLFBEwmbud9U2cFsmqabIXbMHiMUcuBR8jFq1jmydX8DZLhEd09qpMeIyc4aI7%2BSLwLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde98ee5b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormView.2d11d.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormView.2d11d.js
IP 104.26.7.145:0
GET /static/js/FormView.2d11d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:48 GMT
vary: Accept-Encoding
etag: W/"632ac2d0-a5f2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2BSVSzSHFjkGfgYFuxBPHj9VmulUtTCmxkInumbKWJ0r1Kxss3V5fgOE%2FFvP7UbRMO8EwzOcKaovfi0mbtOmhuY5q3TdizHH1tlMLF%2BExHHyeABAa69w4rXk%2BVB%2BDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde99ef3b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/trello.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/trello.png
IP 104.26.7.145:0
GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5239
content-disposition: inline; filename="trello.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOp7GP10kXWaxKTa0LU1RCc8UcfBgqTRY8F1qHca%2Bt2TjtkztHZH7%2BaCumQKr5MI1HDl7a5vjOFjCr651uZc6AVZUKMwGzdfFgFqR5yFsUZ21ZIs8dTANJnrtftffkEk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee0b4eb4ff-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/wordpress.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/wordpress.png
IP 104.26.7.145:0
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=14590
content-disposition: inline; filename="wordpress.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iAjyAOFV1XbYJFTAe6%2BgR4Rpzs7vQPKW8ldm5aPG5yCUT1hHSXWGYkONuWWoRLH57ZPrEoSbaLjshDbY6qK7mxK9hM4NMmA%2FBv6DFuM2jsX418hcpM%2Bv5ESbsYUgSIk6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee1b5cb4ff-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/templates-resources.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/templates-resources.svg
IP 104.26.7.145:0
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HA823D8d9482Ib3xlZT%2Fq07ZomoKB1pKehT6wMI63wSryb%2FILshIinN9ROsc%2BYAcc3bSg1xqPCd4WFlb63yjuzuQFrPTUp8RffslrUwISMA8eOYr6AtIwEaSWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee2b76b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/google.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/google.svg
IP 104.26.7.145:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
etag: W/"632ac2ea-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FlAL3BvnAWAQlBfcdPa4KfAJd%2FvzGqjDFDkW3LxC55zA%2BlHTxY9%2FnmQqZf%2FYGJeFTZDisMON1OwnFdQevEfHmNJc3ot%2B0WU%2BBvS7JuxlquxkVvXnndxrEYwTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee3b7cb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
104.26.7.145200 OK 0 B IP 104.26.7.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.1.1664142804.0.0.0; _ga=GA1.2.907535088.1664142797; __asc=7646083918376a3eb73591e34eb; __auc=7646083918376a3eb73591e34eb; _gid=GA1.2.624651242.1664142798; _uetsid=76e99b803d1c11eda03d4700bd947ec1; _uetvid=76e9c3a03d1c11eda5ec87027cdcb185; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664142798728.1671649515; intercom-id-tt7hkkgs=fa13edff-96f1-41e3-bdab-923473459ded; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:26 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7506fe1c2bfeb4ff-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/static/css/app.bb6f5.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/app.bb6f5.css
IP 104.26.7.145:0
GET /static/css/app.bb6f5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:52:59 GMT
vary: Accept-Encoding
etag: W/"632ac2db-12356"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cisOGUkQYzcnPxE8QVqAM1utnvm1jGTBFL%2BtOmHAebXeiSEhl%2BnVIILvI%2FEY536WqxukXmNf7pdd1Mqk4ySzG%2BE6IZVn4Enmce4SzKk1lL1S3aDvYUwCuiXZuJCIfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d76b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/dcomponents.15d95.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/dcomponents.15d95.js
IP 104.26.7.145:0
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:16 GMT
vary: Accept-Encoding
etag: W/"632ac2ec-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=48G3%2FRh1%2F6Tf0h0JdjngeefefqSE3XJeVq5YUBu6ny5NaDTcqYu9qXFvThdv2d7u04QydzhzbiZEKMIxy%2BxlBWTcaoUiuYvv%2FOLxJPx756Vhq5C7zScDzwuR6U9Luw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d8fb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/swal.2ebcf.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/swal.2ebcf.css
IP 104.26.7.145:0
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
etag: W/"632ac2ea-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cvs%2BAl7%2F1TKXeW3BiKOlva%2BZYYknb721un83FHtMjL2FAPoPO1XoENoBXZLgNX4A9ePVc9lQPTBd%2BVZfM3aO7lF3AKpHNbF%2B5diekezLKixBT19HjW1kIGRyc3YXfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde96eb6b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-resources.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-resources.svg
IP 104.26.7.145:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
vary: Accept-Encoding
etag: W/"632d9889-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ii7e4S5DjhTmJQ2ZyrXAaGz79H0PC5yPE7N%2FRbgAT8oQQXVBVYGY16j1BXkTb2uTM6eb028vBYSPNeaF6tqtYfS%2BVR%2FZPJYZv0fr5Y072aJrGLxRLxr69dWt%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee1b60b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/app.8fc17.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/app.8fc17.js
IP 104.26.7.145:0
GET /static/js/app.8fc17.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:27 GMT
vary: Accept-Encoding
etag: W/"632ac2f7-3f33c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWgXsHUcdNUB1yUFEgV%2FS0qbIvhQYbrQwr86qcJcyYRAjpewEc%2B6lIbfy2UCaE09UWGlnXSZjjoy5Q0%2B%2Fst83ogcqUMMnbqXsNtHPvxpVWS%2FOvS0kInKEvokK9Br3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d89b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vuegtm.3359a.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vuegtm.3359a.js
IP 104.26.7.145:0
GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:08 GMT
vary: Accept-Encoding
etag: W/"632ac2e4-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0ZBYj9jNnCtbxOzlmhSIcCmRPW3cqZZhmAAIBw0ACZ3OyplQE80EGWkcXzhC4CTqZZF0TYCgyb1veLK%2FmVDoKdbfuyh3gaHctunCpHooy31sYGTyKixeIs6FBHw3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde96eb9b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
IP 104.26.7.145:0
GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:44 GMT
vary: Accept-Encoding
etag: W/"632ac2cc-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yfi%2FRDzL59Cuq86Tv9d5KOOKVz75eS8YV%2Fu6JBzQO6A53T%2FQEjchnKv9D%2BU0fOeEH0hUfG%2BaCEDDM7HdLlNK2BzPoCF7wIPq57NAEAjyzEOUP4HiP%2BAYUwd6JfJ%2FaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde98ed8b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/Google%20Analytics.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Google%20Analytics.png
IP 104.26.7.145:0
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2090
content-disposition: inline; filename="Google%20Analytics.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LK6s46VhcgTsltcYMFRgU6Qe3xJSqquRdXd6LtXHSuSh5l%2FF60P9twthhp09F4xGtWvf4HzuxaBV%2F5B3MJgJLhqcqmXv1UsvTaWQHvxdvhFRggdf%2Bk8O6DK1oU1GTwt0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee0b51b4ff-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/airtable.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/airtable.png
IP 104.26.7.145:0
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=7872
content-disposition: inline; filename="airtable.webp"
vary: Accept
cf-cache-status: HIT
age: 6555
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xiJZhivUZUea6e1AFePWqMgaxkOxuIKA8acpdXyTUO9TCuL1xTbMzdGbdJo9Uj94W8qIQQIlMpwk1tRQpgtqBfNq5%2BzCTwVWq8LJ0ICnn8hf7E9o068LntdMPBBcEZbD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee1b5fb4ff-OSL
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/facebook.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/facebook.svg
IP 104.26.7.145:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
vary: Accept-Encoding
etag: W/"632ac2d3-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygC3vkjKXBDwiR3EOJKbKlgXkocuM54KmKugE4MCvJ0uYTgdqcwhILgWnYmzU8jyXPmWOz7Vn4wu7jVsLMwc4kB%2B03Ki32rJj0V3YLNsavw3aUf3fNazNU617g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee4b92b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/js/login.fb59ba75.js
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/js/login.fb59ba75.js
IP 104.26.7.145:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
vary: Accept-Encoding
etag: W/"632d9857-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mk%2FS9oPQT3htc7%2Bb4PwE%2BpI3%2BvSoCnHo1ziglo5sHpT9HrwjnJ9FfsshhZ1RrxGeiEwMUr7Gw4DVdFHGZIiiSAvqaC4VJwaX3WBFAfo0S14OSfg9yq%2BqHUO02w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee4b99b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/iicon.8278c.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/iicon.8278c.css
IP 104.26.7.145:0
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bc%2FvAiQOcS7wvpHNM1HHuxSSFZLQgZkdylK2RNBg1xHe5m5xRE1ZUooRcpkyqRFdmHRLKtJ11%2B1ifYZIIYMl5QGLCTI5f0Y6sX4M4w353mIe6llgZN5%2BG7meuId8%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d7eb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/dcomponents.77be9.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/dcomponents.77be9.css
IP 104.26.7.145:0
GET /static/css/dcomponents.77be9.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
etag: W/"632ac2ea-1ac3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3542
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5TN47hyOpAlk3IS7hwavH15LEXHD5LI4zFU1bQiboYgq3qGjJb0MtLjakOTryEVYwTEDk4mnRAhrA7IoUxh9L%2FXpY72ZU9540EtIj4whRnEB6EffNorFVekETfpmPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d7bb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/asyncstyles.7792f.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/asyncstyles.7792f.js
IP 104.26.7.145:0
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/62b729dcbd94a175bbb0a072
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:01 GMT
vary: Accept-Encoding
etag: W/"632ac2dd-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6572
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obhRucBoBzCqljZ1eqqD1%2FMLQV948C9H99KLi0%2FDEASxpZhSIyV%2Bs9sEHpf6h5JvvrXGPQhWDwJowdGLW8LSOx7U5K2Zuz6BIX0ZlQGjBZkPFaBDVo9Dudi9iLNnlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fde82d8db4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/form/62b729dcbd94a175bbb0a072/view
172.67.72.65403 Forbidden 0 B URL HTTP/2 api.forms.app/form/62b729dcbd94a175bbb0a072/view
IP 172.67.72.65:0
GET /form/62b729dcbd94a175bbb0a072/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 403 Forbidden
date: Sun, 25 Sep 2022 21:53:18 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52QgihlHr206ciF9LpUhxW3DSSC%2BkcVeuXCad9BhvQWD%2B1t1ETkrDDtAadKT7U84g%2B%2BfBH9UOF1QLxVoMn8%2FoFX%2FR38WWM8s2vPjF6GooiTIefsvm7JjAZJxfgTqkSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdebce79b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/apple.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/apple.svg
IP 104.26.7.145:0
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1093087000.1664142797; _ga_740JKHV4FZ=GS1.1.1664142797.1.0.1664142797.0.0.0; _ga=GA1.1.907535088.1664142797
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 21:53:19 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hI%2FN4XqWQHKDmAdDv1M2LP2K5Ujp2xZWoeZaTkCpSM5wFBChy%2BNDj11IMNe5X7xjk%2FGOncuZjNdInD1v1SJbNCJeM6ltewChUpg2nH%2BjhRPSgfIJ3fO%2Be1%2FhiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7506fdee4b93b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2