Overview

URL my.forms.app/form/629b6312bd94a175bb849970
IP 172.67.72.65
ASN CLOUDFLARENET
Location United States
Report completed 2022-09-25 22:27:47 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date   Severity  Indicator                                   Comment
2022-09-25  2         my.forms.app/form/629b6312bd94a175bb849970  Phishing
2022-09-25  2         forms.app/phishing                          Phishing
2022-09-25  2         my.forms.app/form/629b6312bd94a175bb849970  Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (37)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS accounts.google.com (1) 81 2016-09-05 09:39:47 UTC 2022-09-25 15:30:51 UTC 216.58.207.237
mnemonic passive DNS www.google.no (2) 25607 2016-04-05 19:50:59 UTC 2022-09-25 07:10:10 UTC 142.250.74.3
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-25 19:39:53 UTC 93.184.220.29
mnemonic passive DNS widget.intercom.io (1) 2417 2020-08-04 02:17:12 UTC 2022-09-25 06:13:33 UTC 54.230.111.86
mnemonic passive DNS www.facebook.com (1) 99 2017-01-30 05:00:00 UTC 2022-09-25 04:50:19 UTC 157.240.200.35
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-09-25 06:13:43 UTC 151.101.86.137
mnemonic passive DNS static.cloudflareinsights.com (1) 1294 2019-09-24 14:34:56 UTC 2022-09-25 05:12:25 UTC 172.64.156.26
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-25 04:49:39 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-25 04:50:19 UTC 64.233.162.155
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.118
mnemonic passive DNS forms.app (20) 267784 2019-01-18 21:46:21 UTC 2022-09-24 07:57:45 UTC 104.26.6.145
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-25 16:30:33 UTC 142.250.74.174
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-09-25 05:01:51 UTC 157.240.200.14
mnemonic passive DNS googleads.g.doubleclick.net (1) 42 2021-02-20 15:43:32 UTC 2022-09-25 18:00:33 UTC 142.250.74.34
mnemonic passive DNS redirect.prod.experiment.routing.cloudfront.aws.a2z.com (1) 0 2020-09-13 08:46:19 UTC 2022-09-25 11:55:37 UTC 35.82.251.53 Domain (a2z.com) ranked at: 816
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-25 04:51:16 UTC 34.117.237.239
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-25 04:50:18 UTC 142.250.74.72
mnemonic passive DNS ocsp.pki.goog (13) 175 2017-06-14 07:23:31 UTC 2022-09-25 04:54:16 UTC 142.250.74.3
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-25 17:41:56 UTC 142.250.74.10
mnemonic passive DNS js.intercomcdn.com (3) 2440 2020-07-20 12:22:33 UTC 2022-09-25 10:57:34 UTC 54.230.111.62
mnemonic passive DNS my.forms.app (21) 720683 2021-06-01 10:57:28 UTC 2022-09-25 14:59:14 UTC 104.26.6.145
mnemonic passive DNS certify.alexametrics.com (1) 3704 2018-01-18 16:56:17 UTC 2022-09-25 14:26:20 UTC 54.230.111.59
mnemonic passive DNS px.ads.linkedin.com (2) 522 2017-08-08 16:28:50 UTC 2022-09-25 17:13:40 UTC 13.107.42.14
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-25 11:34:24 UTC 143.204.55.115
mnemonic passive DNS certify-js.alexametrics.com (1) 6457 2019-06-22 11:51:56 UTC 2022-09-25 12:02:00 UTC 143.204.55.109
mnemonic passive DNS file.forms.app (10) 0 2020-05-04 08:26:18 UTC 2022-09-24 07:57:33 UTC 104.26.6.145 Domain (forms.app) ranked at: 267784
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-25 04:26:31 UTC 34.120.237.76
mnemonic passive DNS bam.eu01.nr-data.net (3) 9782 2018-05-17 12:36:00 UTC 2022-09-25 11:10:20 UTC 185.221.85.3
mnemonic passive DNS nexus-websocket-a.intercom.io (1) 2137 2015-06-26 10:17:57 UTC 2022-09-25 13:47:58 UTC 34.237.73.95
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-25 05:07:25 UTC 34.212.166.60
mnemonic passive DNS api.forms.app (2) 992980 2019-05-13 23:31:27 UTC 2022-09-24 07:57:32 UTC 172.67.72.65
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-25 13:24:16 UTC 142.250.74.164
mnemonic passive DNS bat.bing.com (3) 387 2014-04-08 09:23:16 UTC 2022-09-25 05:03:52 UTC 13.107.21.200
mnemonic passive DNS www.linkedin.com (1) 608 2014-04-09 13:16:08 UTC 2022-09-25 05:06:32 UTC 13.107.42.14
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-25 05:02:41 UTC 23.36.76.226
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-25 05:42:52 UTC 34.160.144.191
mnemonic passive DNS snap.licdn.com (1) 1044 2014-10-06 08:43:45 UTC 2022-09-25 05:31:24 UTC 23.36.76.121


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.72.65

Date                       UQ / IDS / BL  URL                                         IP
2022-11-12 04:38:42 +0000  0 - 0 - 2      my.forms.app/form/630e0e70c2748c14c10ef710  172.67.72.65
2022-09-27 01:42:53 +0000  0 - 0 - 3      my.forms.app/form/609890b8001f18095ac075fc  172.67.72.65
2022-09-25 22:27:47 +0000  0 - 0 - 3      my.forms.app/form/629b6312bd94a175bb849970  172.67.72.65
2022-09-11 01:44:30 +0000  0 - 0 - 2      my.forms.app/form/62baae34bd94a175bbb57e50  172.67.72.65
2022-09-01 13:36:19 +0000  0 - 0 - 2      my.forms.app/form/622ef84817a64c6cae942da3  172.67.72.65

Last 5 reports on ASN: CLOUDFLARENET

Date                       UQ / IDS / BL  URL                         IP
2022-11-29 21:25:57 +0000  0 - 0 - 1      ptimanagun.tk/              172.67.163.19
2022-11-29 21:25:47 +0000  0 - 0 - 1      w12primecompany.com/        104.21.10.192
2022-11-29 21:22:07 +0000  0 - 0 - 4      briskematarif.apppp.asia/   172.67.201.99
2022-11-29 21:21:03 +0000  0 - 0 - 6      join-grup56803.pft.lol/     172.67.142.115
2022-11-29 21:19:55 +0000  0 - 0 - 3      172.64.149.6/               172.64.149.6

Last 5 reports on domain: forms.app

Date                       UQ / IDS / BL  URL                                         IP
2022-11-26 06:51:12 +0000  0 - 0 - 3      my.forms.app/form/63626353e5740e14f4318e02  104.26.6.145
2022-11-12 04:38:42 +0000  0 - 0 - 2      my.forms.app/form/630e0e70c2748c14c10ef710  172.67.72.65
2022-11-10 18:33:53 +0000  0 - 0 - 1      my.forms.app/form/636ba97de5740e14f4400eb7  104.26.6.145
2022-10-06 08:57:29 +0000  0 - 0 - 1      my.forms.app/form/62cbdb01971e3e097d357811  104.26.6.145
2022-09-27 01:42:53 +0000  0 - 0 - 3      my.forms.app/form/609890b8001f18095ac075fc  172.67.72.65

Last 5 reports with similar screenshot

Date                       UQ / IDS / BL  URL                                         IP
2022-09-27 01:42:53 +0000  0 - 0 - 3      my.forms.app/form/609890b8001f18095ac075fc  172.67.72.65
2022-09-25 21:53:28 +0000  0 - 0 - 3      my.forms.app/form/62b729dcbd94a175bbb0a072  104.26.7.145
2022-09-09 01:38:19 +0000  0 - 0 - 3      my.forms.app/form/629b6312bd94a175bb849970  104.26.6.145
2022-09-08 18:50:24 +0000  0 - 0 - 3      my.forms.app/form/62ef4dc42b6a8726fe7f04c9  104.26.6.145
2022-09-08 09:19:52 +0000  0 - 0 - 3      my.forms.app/jenetwood/untitled-form-1      104.26.6.145


JavaScript

Executed Scripts (53)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 15, repeated: 1) - SHA256: c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e

                                        <!DOCTYPE html>
                                    


HTTP Transactions (120)


Request Response
                                        
                                            GET /form/629b6312bd94a175bb849970 HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.26.6.145
HTTP/1.1 301 Moved Permanently
                                        
Date: Sun, 25 Sep 2022 22:27:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Sep 2022 23:27:36 GMT
Location: https://my.forms.app/form/629b6312bd94a175bb849970
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqZ131dFeNDvtQp%2Bp%2FQl360hsEGgsrPJVSA92piojvxD1ZKFaeMDi4m%2Bpvs1FX0h%2Bx3%2FGxgQfiPvfbpTBdknAxSA4g%2BkxHBI1Xheou14yNjbJqrXFHcZwcAHjkTzdg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7507302aab2dfac0-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9591
Expires: Mon, 26 Sep 2022 01:07:27 GMT
Date: Sun, 25 Sep 2022 22:27:36 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 22:15:14 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jCPfLhsOchp32OSFcaxuFRncd4URPaOERVlA8xk_8-h_K51AT9YSgQ==
Age: 742


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4721814DA286852318F7EBF9857BD4BF01F0BEEA2C9EB7DDB9F290E3FA472232"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16156
Expires: Mon, 26 Sep 2022 02:56:53 GMT
Date: Sun, 25 Sep 2022 22:27:37 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 3nAI/ks0I73LhulxMZTDhTOXe1tW/nFNkbHVC5KOG8ZYh8wG71wiuD3ynLqSVBO63Gxypf5kc/Y=
x-amz-request-id: N7YDWM9Y6E8T8ZJ0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Sep 2022 21:48:23 GMT
age: 2354
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 25 Sep 2022 22:27:37 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 22:27:37 GMT
Server: ECS (amb/6BA9)
Content-Length: 278

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 22:04:17 GMT
Expires: Sun, 25 Sep 2022 22:19:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5FN1jkOWAy8jjHDha5RrLqZbcQZcN855eVOXjPWo1xF0rNZ4-bAgzw==
Age: 1400


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2395
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 22:27:37 GMT
Last-Modified: Sun, 25 Sep 2022 21:47:42 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /static/css/dcomponents.77be9.css HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
etag: W/"632ac2ea-1ac3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbYCHpRy3TlXLQJfddlQN8w7xu4foKlamPtefwgo9wXFDRcfsl7090RFjZd74G71iB%2BaQI21PeU2n1dSXwv8ghCsVGukqKAJfLMy77RekzNkstzg58RoIYvgMm%2Fjcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7db503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6851), with no line terminators
Size:   1987
Md5:    4ee626adf199e855720aae646b5aba6b
Sha1:   7643048b9ff77d47d08afb8d67fbb859c42da072
Sha256: bd89e9c94008a184f41acacc6cec079b5ec94b4ff26e18724945dddd7bfdd398
                                        
                                            GET /gtm.js?id=GTM-WPSL383 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 22:27:37 GMT
expires: Sun, 25 Sep 2022 22:27:37 GMT
cache-control: private, max-age=900
last-modified: Sun, 25 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76136
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15501)
Size:   76136
Md5:    7a0162b796dc5775c9d4689f789e314a
Sha1:   e785e665bfc895d4696814332f6b8aaf4f9aac2e
Sha256: 07dee2e0fa52597062820564c8f6e05ae4dcd04f94ef8186bacb597f561e53d1
                                        
                                            GET /static/css/iicon.8278c.css HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4IgWavpvvYZ73F%2BWubgD3gGWsT6euVeFUwAkiqL%2FeOER7nbn8OMGMssqMriq4m%2FwX4k37huhYe3LnNsggMLl3hzW9pN7ZrMPrez82julFl5HNjohCMvizd7FvNOtYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (574), with no line terminators
Size:   3163
Md5:    39aff49b710b2b294255f281905c5cbf
Sha1:   63ef822bda2e30b90f62e23eeb9148ad63221a35
Sha256: 1122e7274189be2858cdbeecb637ce8c4613641e8694be1724df799bae7ddc03
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P8rXnqIZyv52ygdEEhlSTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.212.166.60
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jsg+N9AgvrerQEY5/7g2OZo9Pyk=

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/js/runtime~app.4691c.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:00 GMT
vary: Accept-Encoding
etag: W/"632ac2dc-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWlwHwEnpYbA8flRB%2B1fhXM3iUoAxL%2B740IigzMLvKuXpRE3v5AZYXA%2FuPQ69nJMpiY%2F1NAaAbFPyirs%2FWag9EfSYFxx6EkdgQp2jo3ufvkZ6zQY9DZpceVgpLC2JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb8bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (24538), with no line terminators
Size:   37323
Md5:    f9e7bfa938b6df8220f340eae44a9dbb
Sha1:   987a75c058083cf25a7e4dd88d9ef0d0d6602bae
Sha256: 43e8d99824c3307887a0e848d496c6744a3dcd3ad5a65f32d1a341b28d3df204
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
age: 102373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            OPTIONS /form/629b6312bd94a175bb849970/view HTTP/1.1 
Host: api.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         172.67.72.65
HTTP/2 204 No Content
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PC%2FrvTcdFo7AgdTqHNcWg1UyDGb6MMBIxWhW17NstFX1uTik8bG4dbVJ4iS9oQcBu8bxVal%2FLd8r%2BLL5ab2F4kA2av0ZJm3xzs7FOTZZ6BYj0qo3ML2xgTr2VZvMJ0c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730335a160b65-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /static/js/iicon.59ea2.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:52:44 GMT
vary: Accept-Encoding
etag: W/"632ac2cc-349e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m3yZyfSOzupMwkriicRDGlumSbeqxZTnbTFBZ2neY0RpdCI2u8QY8gr7YSmkpfcw5ngwhXDclTlIScTiLxvy3KS4aelaWSGXH0i5RUnVtKAipEqGusn%2Fp92Wr1rKSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb84b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13470), with no line terminators
Size:   4333
Md5:    19c9b06549fffb29627353a592c704ee
Sha1:   e6d50d92754f64aefb0e75c26d48d7a24ad3b593
Sha256: 88cf635f3ed1ffd84f68f00b0338812384a4c620dc94a05e98cf7c3fca808c52
                                        
                                            GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:25 GMT
vary: Accept-Encoding
etag: W/"632ac2f5-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjAEU3TU9XGISImymft8VHHmJf3PXkCAxtDX%2BKmRGE%2FWLNVMfXV5nVM%2FhnLaK69eTtZ9ICKPqu8LuA228AxtUZ3F9RVl1CBWbSe5qbEXw3LRfND9VE81N5wmz63YUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073031dc78b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (12156), with no line terminators
Size:   8759
Md5:    1eab312add3586d7eabae12dfd20d552
Sha1:   8b5160159fa1b2e4389a72f939cc242d3f336b63
Sha256: 18bc0540e29a4a39e59f4dc1e669011f50b2c29caa634f951bcd2c4f5ba2764c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6442
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 22:27:38 GMT
Last-Modified: Sun, 25 Sep 2022 20:40:16 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/img/form-disable.png HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/webp
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 7820
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=9896
content-disposition: inline; filename="form-disable.webp"
vary: Accept
etag: "632ac2d3-26a8"
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2060
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn4hWbYIYfmpnG%2FLjQew4HXuJYnsCnkEdG09EhH6JFtUdD7QIkdKHgI7Qosv8wyL4n%2BM0DnQquc6V7iIIJXgWYjnhbWs6Ejp%2FGEXS8btYea4JWNxg%2F8E7RjfHBQ3hA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730351ee9b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   7820
Md5:    132d5df78ca2b88cf07963c7ecee1023
Sha1:   2cfd65ba9bb62a3d954ceeafb37ef9757a79188a
Sha256: 1e88533f5ec84f1b51bcc82801af0017c0bc0470a7841eb1a5a041df42f40baf
                                        
                                            GET /assets/img/formsapp-logo-white.png HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/webp
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 1902
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5999
content-disposition: inline; filename="formsapp-logo-white.webp"
vary: Accept
etag: "632d9889-176f"
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Aw%2B2yYIligs3w8AcHTRXMJZ5DTctzdNp9J3rYKTpCYWLhDxlyyK28cDn2fE78hl2GaUw4hQRGzpk1cetBZayQYUwh9Uy13mD9%2BkaATgAMWuDE6KCF3BXXiSIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036784cb503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   1902
Md5:    8edd3c97094fa7a2e082915e5704a9bf
Sha1:   a33b8b4cfa61188431fd90374e857346277f1590
Sha256: 34484856915ff1c164ffb80718c46a3fd1314e6c7484b1cc2918223d65590ca9
                                        
                                            GET /assets/img/form-builder-blank.png HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 149
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
etag: "632d981e-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G92e3IPEiUNJqkhXJJjMF%2BXIbYsS5%2Bnw1Jm8WcE2LRdXzm1w7ZFVbBUsBJ2ekLOCvd4oDJGlYycJ%2BMZD6D%2BrYiwDvnJK9TNPc2kO0fhDbI8xB54sYXQgc6m8Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a870b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size:   149
Md5:    eab6bf754eb6a790cc1240262c1c3a29
Sha1:   9ea4eaac5215410d39dadda7a62e8b287975521a
Sha256: d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12
                                        
                                            GET /assets/iconfont/iconfont.woff HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/font-woff
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 18416
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
etag: "632d981e-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dACi7XAExDhZKsru5bBI7DJuTOIy6vY8TMaf%2FVJ3EhuhYIxXspTT%2Fdzsv0KyN9ePJZKWGFdskrnuvtME%2Fm6rU5KR%2FyoBCHjObMHGe9TMK3Am12dHES4MYzIJ0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036d88eb503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 18416, version 1.0\012- data
Size:   18416
Md5:    64f7aa12b6b4451be569df62604435a5
Sha1:   45ce2923a9a7c71988b1528c07379233bae693dc
Sha256: 552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 20:41:09 GMT
expires: Sun, 25 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 6389
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /li.lms-analytics/insight.min.js HTTP/1.1 
Host: snap.licdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.76.121
HTTP/2 200 OK
content-type: application/x-javascript;charset=utf-8
                                        
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=49797
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (7751)
Size:   3063
Md5:    57efbbeb3e1d23c82b677511c67c8b0e
Sha1:   f927ba115ef4be362694c22850ddbdd1c1b054d1
Sha256: 873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
                                        
                                            GET /atrk.js HTTP/1.1 
Host: certify-js.alexametrics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.109
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: V0kJPkkTDLLONsXawoE4fQeHfjdH9mRTG1jMXVwzvDjmm5COif2S9A==
Age: 3781535


--- Additional Info ---
Magic:  ASCII text, with very long lines (4255), with no line terminators
Size:   4255
Md5:    d89453438fbf10dcf4c13265c40d5160
Sha1:   02d5f4e46c94bf34e12b2d773f63f643ea2b3518
Sha256: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
                                        
                                            GET /pagead/conversion_async.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 25 Sep 2022 22:27:38 GMT
expires: Sun, 25 Sep 2022 22:27:38 GMT
cache-control: private, max-age=3600
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1654)
Size:   15693
Md5:    890f716858b5f72587e47c5eca121cb5
Sha1:   91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
Sha256: 7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
                                        
                                            GET /bat.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: private,max-age=1800
content-length: 11367
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=2E84BE3806F36C62228BAC1207066DDF; domain=.bing.com; expires=Fri, 20-Oct-2023 22:27:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1BE3D08B91AB4239AE9DA17734C8F2CA Ref B: OSL30EDGE0206 Ref C: 2022-09-25T22:27:38Z
date: Sun, 25 Sep 2022 22:27:37 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size:   11367
Md5:    293ae3e0fc8b0d5c143fdf9d8490228d
Sha1:   3976c659b908e70818a3a1ac71860b497fe2d1a9
Sha256: 04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /sitefile/wordpress.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iD2eZZIyvIxFKW3U34C09A7FZtd6dQzdGRumyVrP4LfZmOd4hv%2F%2Fuz4Kif6tOZQL%2BjDKIoYJahhBsDC%2BbLwVh8FyakD4K3l4GNQZaM6rqxJdIakTf4AObo6E8O64xWz1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a868b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size:   14590
Md5:    a8142c5209c37c282b68fe91ef4d90d2
Sha1:   5517c445e6a7cd9a77cba083056517e778c31845
Sha256: 95db53e57aec02cb8cec31dbffdc57409ca3ab9ac0befb153bc50de23cbcd307
                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.14
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: XzvRJAnx6a8iaA5+C+vBCOaEogeFCf/q2TntX7xIeA49nyw/HSDDg3ntD2XUctEk/pSsdMN4Uycf8/sHrfzzQw==
content-length: 26840
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 22:27:38 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26840
Md5:    e1327a02d76346c7e23d114e4e508b30
Sha1:   195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
Sha256: 331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /sitefile/excel%20copy.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2ydV8EanqjBya19IIYcRbzaE83A7F8gdwituxxBpCM7lFleupNl1E8apF0EegR2fxWC%2ByDH0p52WjNUuUOhVIlvBoYCAUBlnkz0tnJuNOApaBU6rsQOL1yPZNh7Yqyl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a867b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size:   9394
Md5:    b89fb2e1827687f9c27bcb670034048e
Sha1:   ddea09e99905551939a14f3e1719b49a7a6357a0
Sha256: 032895f25980e032f78b65532193015530a6c1fcf574bfaa542b17e960d94e57
                                        
                                            GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:39 GMT
content-length: 916
last-modified: Wed, 21 Sep 2022 07:53:04 GMT
etag: "632ac2e0-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkZbdhMXKe09ugGB2jj5ufGUyUmoWW5dV5wZm93uUnfoinJyTG%2B08ANFDQktTQ94Q967WiURbXxSpd%2FgOeLf6YWEbbBgV%2FkoIp7nbEdto56vzGPe%2Bdgsq4zUsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730380979b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size:   916
Md5:    7b4d7d6e0968fe900568920543a5876e
Sha1:   c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
Sha256: 2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6443
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 22:27:39 GMT
Last-Modified: Sun, 25 Sep 2022 20:40:16 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /assets/img/phishing.png HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144857.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/webp
                                        
date: Sun, 25 Sep 2022 22:27:39 GMT
content-length: 5380
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=16006
content-disposition: inline; filename="phishing.webp"
vary: Accept
etag: "632d991d-3e86"
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2060
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgwgcxIN8ZykknYTgdj8rTtSR8HkCO62bWdY7n%2BkivISnfopwqTfmg88722abYoCkp8USJvmycVWUYLHJZH5YLYnkpBczQ9FdTf6xjTfSvGP3HwiVWS5P75vLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730397a5eb503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   5380
Md5:    486e845db3badafe650b2488a8051844
Sha1:   b6c53a5fe798d41e3c016d9b6e9587b0aca894c9
Sha256: 13cbd9356bccfd1e91054818c417a05a937a14965dd3ca6a18f4ad9699cd0470
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12270
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 22:27:39 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pt7rJi8EIQFBk0gHQZ1WnjvThPba86XZCGFs83l1ZW2dj-_6bZprAA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5980
Md5:    ef17205adb2b478d3bff54b048208d22
Sha1:   12aac1bd22e675f09a220de08b4656e801c2e647
Sha256: 620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbad0bb4-9ab3-47a9-80fd-6567993349dd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9352
x-amzn-requestid: efae9f72-8dce-4899-9dc8-c6cc9b4b2540
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvwFwWoAMFmig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-744ade88393a83467fea2b97;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NOu92heW0-RynLU34xGoSq36WGjOu75Ukkd8IA3IoQ2FMHFUMlkJrA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "78a82653eb0e5aa4f1355c13b665da44a3412024"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9352
Md5:    65e3b72afc2f13978ee80cc87dc289f1
Sha1:   78a82653eb0e5aa4f1355c13b665da44a3412024
Sha256: 9f3a89f268fca25f5a6c7319b1f8412a193cd73bc9c8f4c5a9d294582df3a57b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8703b7f0-bb10-4a43-a50f-a8a5c8857499.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10045
x-amzn-requestid: a01e6cef-fe8f-498c-aa68-2603a66b1121
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvwHPwoAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-1a4405e54c54eccb4f0846a2;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dBJjUHYsSR4YA1SMcbZJ_iNdvPOhtXlltVN3f36IduFe2h2zsMT_Yw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "c529507a70247c7e03c849c3ff45f93eada6f0c4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10045
Md5:    38f828e3aa86057cc3b686ca9d4accc5
Sha1:   c529507a70247c7e03c849c3ff45f93eada6f0c4
Sha256: 76016d51352ff6a8372b92206119d88747600874ecee5315573ca4e539e03c6f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7185
x-amzn-requestid: e7b997d7-f9ce-40c6-b9bb-372ee10d8ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTAfEX5oAMFcHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb9c-31e295e33ead940f381121a1;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:43:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p7rimTrmOgUnwPuESSKSrsWlzhiSBJYx9h8XIacxP8DUyyvXye2iyg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "0d5cb1f3e3ea510308034a5e569c0e65fae30835"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7185
Md5:    6d79a3a5bd7dc7aa6cab306176fafd11
Sha1:   0d5cb1f3e3ea510308034a5e569c0e65fae30835
Sha256: 57979dfcf6fdc76f04e4790c2b94b876e188ac780aa49d9bfc8a58c498dc4203
                                        
                                            GET /gsi/client HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.237
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
expires: Sun, 25 Sep 2022 22:27:39 GMT
date: Sun, 25 Sep 2022 22:27:39 GMT
cache-control: private, max-age=1800
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-Fx2-Wq6_iTOuWe_NFtT9sA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   82854
Md5:    7f909e0ad074d83b5765824c93f28256
Sha1:   3c0181aab7b7ebb76818d3517abe257dcb6e3c77
Sha256: 07d0607342674c0ea4d6541b515dbec6b84f1bb2d6cb106c91b8943cac27dbe0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:19 GMT
age: 3020
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664144857375&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=18424211414&sess_cookie=a8f56e7118376c3591e7e890934&sess_cookie_flag=1&user_cookie=a8f56e7118376c3591e7e890934&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1 
Host: certify.alexametrics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.59
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 25 Sep 2022 02:09:43 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BF3x39GFtyB-gs3gZA3h9hrTC262oEP5pdsyC1PIZN6q5HgIKWmMRg==
Age: 73077


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    221d8352905f2c38b3cb2bd191d630b0
Sha1:   d804b495cb9b84b9007a25b5d85f9ae674004cde
Sha256: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
                                        
                                            GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=a93c6cd8-aad2-4fab-9c43-df716457aae8&sid=426c32303d2111ed92e52fa706e6976a&vid=426c4f803d2111eda3c8df5b273fd8ee&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=491&pt=1664144856792,,,,,1,1,1,1,1,1,19,207,208,213,485,490,491,,,&pn=0,0&evt=pageLoad&sv=1&rn=337318 HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 204 No Content
                                        
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=33E36A7EA339624D38037854A2CC63EA; domain=.bing.com; expires=Fri, 20-Oct-2023 22:27:39 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0196DD767DB74A6AA663C0A5EE9A6F7D Ref B: OSL30EDGE0206 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:39 GMT
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/viewthroughconversion/587928374/?random=1664144857459&cv=9&fst=1664144857459&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1557510503.1664144857&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.34
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1036
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Sep-2022 22:42:39 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2302), with no line terminators
Size:   1036
Md5:    90972db81d7f2944b96cfbd1185ead65
Sha1:   42a9ab6d04ac5deac5664958acae3c788c64f152
Sha256: 90fab6f2acdd66da9ccf04262fab4dfe7fff9485b509e55b417a5eba1a92e121
                                        
                                            GET /p/action/137024713.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 204 No Content
                                        
cache-control: private,max-age=1800
set-cookie: MUID=33326066A08362E438C0724CA1766320; domain=.bing.com; expires=Fri, 20-Oct-2023 22:27:39 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 419F79128B2E4AAABE503B1C18A9834C Ref B: OSL30EDGE0206 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:39 GMT
X-Firefox-Spdy: h2

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&gjid=936619456&_gid=990757285.1664144857&_u=aCDAgEAjAAAAAE~&z=1001427146 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.162.155
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 22:27:39 GMT
Last-Modified: Sun, 25 Sep 2022 21:08:22 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NwViAFiKWwx0CW7ThqLnCvFlX01aYVpmMe2ZXfQ2d9BRihe2LDMOVw==
Age: 4757

                                        
                                            GET /collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1 
Host: px.ads.linkedin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         13.107.42.14
HTTP/2 302 Found
                                        
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664144857444%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJEa92yGVF7VAAAAYN2w2EW0ZA3xPWAbvsQV1b45OUkTJvgZ7dFB70H-ivI_0TIjCAK-ZApi2P0GQ; Max-Age=2592000; Expires=Tue, 25 Oct 2022 22:27:39 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure AnalyticsSyncHistory=AQIGoMF9SSdTUQAAAYN2w2EW0wRbbmtFzphmYdpPwkZlrI2-SFY8uXUYer3ql-N-YlLMrNcZDzoUS74PxN7zyQ; Max-Age=2592000; Expires=Tue, 25 Oct 2022 22:27:39 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure bcookie="v=2&5475603d-cefc-4835-8c51-895deff60e22"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 25-Sep-2023 22:27:39 GMT; SameSite=None lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664144859:t=1664231259:v=2:sig=AQFK5lY_ck4oO4xroAoogaUT9TuwbuwY"; Expires=Mon, 26 Sep 2022 22:27:39 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph+szGnVE8lHUsnceww==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: D1A7D810E107421F9677EBC6BA4F867B Ref B: OSL30EDGE0307 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664144857825&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664144857824.1464110858&it=1664144857491&coo=false&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sun, 25 Sep 2022 22:27:39 GMT
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /x.png HTTP/1.1 
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.82.251.53
HTTP/2 204 No Content
                                        
date: Sun, 25 Sep 2022 22:27:39 GMT
server: Server
X-Firefox-Spdy: h2

                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&_u=aCDAgEAjAAAAAE~&z=592343701 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/587928374/?random=1664144857459&cv=9&fst=1664143200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=683492286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664144857444%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1 
Host: www.linkedin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.42.14
HTTP/2 302 Found
                                        
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None bcookie="v=2&5f557033-4473-4e2e-8bfa-7c702525ff55"; Domain=.linkedin.com; Expires=Mon, 25-Sep-2023 22:27:39 GMT; Path=/; Secure; SameSite=None bscookie="v=1&20220925222739ee040ac0-abb7-4dae-84fa-3fbe06c14110AQHQf2xXdgYMoFE_ijF195uqE7JXDA2B"; Domain=.www.linkedin.com; Expires=Mon, 25-Sep-2023 22:27:39 GMT; Path=/; HttpOnly; Secure; SameSite=None li_gc=MTswOzE2NjQxNDQ4NTk7MjswMjFcF6cSKE7QzwRo3RiLftjpY6lsOIw3bDW+Y2o9Lxk28Q==; Domain=.linkedin.com; Expires=Fri, 24 Mar 2023 22:27:39 GMT; Path=/; Secure; SameSite=None lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664144859:t=1664231259:v=2:sig=AQFK5lY_ck4oO4xroAoogaUT9TuwbuwY"; Expires=Mon, 26 Sep 2022 22:27:39 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph+s3zmVio8LVDiwfSQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 863F05C0899B49429A6B151358256E36 Ref B: OSL30EDGE0307 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET /collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1 
Host: px.ads.linkedin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.42.14
HTTP/2 200 OK
content-type: application/javascript
                                        
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure bcookie="v=2&78e62d5b-6d4e-4cbe-8be4-3101676a1cf3"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 25-Sep-2023 22:27:39 GMT; SameSite=None lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664144859:t=1664231259:v=2:sig=AQFK5lY_ck4oO4xroAoogaUT9TuwbuwY"; Expires=Mon, 26 Sep 2022 22:27:39 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph+s66xdKJN3zKthQ7Q==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 047F3EB4FE854BFD8D6E6998F4693DED Ref B: OSL30EDGE0307 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:39 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET /widget/tt7hkkgs HTTP/1.1 
Host: widget.intercom.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.86
HTTP/2 302 Found
                                        
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 20 Sep 2022 08:31:36 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ykBSh0nB79fvJhLEuwMX6VHyaDZbrTmgTtU9r__NM8_TI9Ml6_g6Vw==
age: 482165
X-Firefox-Spdy: h2

                                        
                                            GET /nr-spa-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 22:27:40 GMT
via: 1.1 varnish
x-served-by: cache-bma1678-BMA
x-cache: HIT
x-cache-hits: 1378
x-timer: S1664144860.081306,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
                                            GET /shim.latest.js HTTP/1.1 
Host: js.intercomcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.62
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
content-length: 6170
last-modified: Fri, 23 Sep 2022 14:33:24 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: dohpLQMJATrJhKVWci90uJsHoPft_NB6
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 22:26:07 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "78e5fa5780a095f31cd5ad256609db60"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4jD56NNi5ZO7H9AKJWt_rDbIwXwFSxK8VEBHA0kf7kK5FAmmnxOwZQ==
age: 94
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Size:   6170
Md5:    78e5fa5780a095f31cd5ad256609db60
Sha1:   bc268b805d2bdd61437de79b38de1c27d16060bd
Sha256: dbf5cace47334b0e3b1972da94b7a1d4a64e3c517ee3699c3bcf9a88a75e9d9c
                                        
                                            GET /frame.d3f71718.js HTTP/1.1 
Host: js.intercomcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.62
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
content-length: 129676
last-modified: Fri, 23 Sep 2022 14:31:56 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: jEj7i7pT6cAf82x31Uac6hrRy4xnf5kB
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 20:33:30 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "b9494458865666162b3a68d85fc9daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tJId9mLj_uNGMvEF_XnO-uke5eVbRJ-6H60Fc_YzTVfc7PeT4N9J7Q==
age: 6851
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   129676
Md5:    b9494458865666162b3a68d85fc9daa7
Sha1:   8e007cacbb8b9510edf2d4e4f46868bc7abdd7e0
Sha256: 82c3cdb5c762cdaaed36cfd9c946c9fc7012f284a5d42bbd351547fc7d71cbe1
                                        
                                            GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1722&ck=1&ref=https://forms.app/phishing&be=245&fe=1642&dc=491&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664144856792,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:1,%22ce%22:1,%22rq%22:19,%22rp%22:207,%22rpe%22:208,%22dl%22:213,%22di%22:485,%22ds%22:490,%22de%22:491,%22dc%22:1641,%22l%22:1641,%22le%22:1648%7D,%22navigation%22:%7B%7D%7D&fcp=326&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.eu01.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.221.85.3
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sun, 25 Sep 2022 22:27:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 750730404fc115f4-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=da59206e591a6356; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJSuD9r%2B75cmCYV%2Fxh6ZYat116rq6GaLS2SIatQofTlRzwKubHmDjqP5Bv1qAdHWNBiFNNWITDpzCzbPFfFcStF72YVjDlmJunW%2BmsT8ZkOn8U5qt5ADDg92nrUFa5t4wfzxIFcJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   139
Md5:    569ba44f4d2a9baf4de47d3a78180009
Sha1:   84c4e5de1cc49adf2b3e30181dcd8489b12140ee
Sha256: 9b2b1c4f7b8fba7808ac67b5b5b64f48dac39456851b5e9cdd9e37095ee76ad8
                                        
                                            POST /resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1875&ck=1&ref=https://forms.app/phishing&st=1664144856792 HTTP/1.1 
Host: bam.eu01.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1133
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         185.221.85.3
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Sun, 25 Sep 2022 22:27:40 GMT
Content-Length: 36
Connection: keep-alive
CF-Ray: 75073040afef15f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BiHr5pNfmjZ5YZ1e%2FPkEIIX%2FG9VWztE0AUfVK4OcuDP%2Bgkvvk097m%2BEww7YaVRfCNAi7%2BUhtu%2B%2BFWoujTvXadQqQ6WZuuQ4w4szFPCnFBx40oLbN0oXVWQnXA%2BEWe4uTuhOiMIya"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   36
Md5:    c166c55bb8bacab6d0ba49b766644670
Sha1:   8de8be38f5eecc3ffe4fe4fe0f5670eef2d41233
Sha256: 691ed8489166fe87e77f648d02d7e18a523918e44fd57ac149d3609277bf0bd0
                                        
                                            POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2652&ck=1&ref=https://forms.app/phishing&ptid=b447fc75-0001-b26d-d472-018376c3647e HTTP/1.1 
Host: bam.eu01.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 345
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         185.221.85.3
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sun, 25 Sep 2022 22:27:41 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 750730457aaa15f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qtjsWj7mDg5qugRzPpbfhZI9aQwB2uWj11K0NH5BuMU%2F0FWMpqYTV7vbtQ13tMFvoTJPSmhN4Eq2uCJQq5yCBARLWBSs2FSJKfgthJNbiWfEuoz72H2rj5vr3tgus2a82XgKSGx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            GET /assets/img/formsapp-logo.png HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144857.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857; _uetsid=426c32303d2111ed92e52fa706e6976a; _uetvid=426c4f803d2111eda3c8df5b273fd8ee; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664144857824.1464110858; intercom-id-tt7hkkgs=a2665875-3c9f-4137-acad-dc167515391a; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/webp
                                        
date: Sun, 25 Sep 2022 22:27:42 GMT
content-length: 2852
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=3548
content-disposition: inline; filename="formsapp-logo.webp"
vary: Accept
etag: "632d9857-ddc"
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2062
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMrd%2Btx6fZHROfqjR79nzODxyb%2BtXIbXKsP8Qdyet2pQntG8d74gl6Ss9Ea42gxGXqU6j9DFjjdQeQqZ1m%2BsPDFfjg0zf9G3HVX0j0xyTw%2FY%2BOfW34149%2F17AA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7507304bc82db503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   2852
Md5:    59766a971f90101d029ff73f0478a40e
Sha1:   131f63ef0a1d7cb350bddbae1a024fd3f6ec5489
Sha256: 6da09df32ca888e63b7c58d507cb1d717850be72fd4ba9b10dd26a7c478fc10a
                                        
                                            GET /pubsub/5-2eq5OYsuS-g613CPlSA_VZEvClbRm5VuA9SQmB-lLtTapciMWSx0VpDX0tbbWpZrHnJFd0KEHgfc7_mbuD1I2wIX2Obw9Cs3NLTn?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1 
Host: nexus-websocket-a.intercom.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pRBjWWuL/l0Kvo0eDVUdvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.237.73.95
HTTP/1.1 101 Switching Protocols
                                        
Server: nginx
Date: Sun, 25 Sep 2022 22:27:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tX0Bs2Tgra65Q0mRFrIYlRcpraQ=

                                        
                                            GET /static/js/icons.df638.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Wed, 21 Sep 2022 07:53:00 GMT
vary: Accept-Encoding
etag: W/"632ac2dc-3b710"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5599
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fBZmj6tvv%2BfboznL4egGQuZ1MTkgboTy%2FcCwr6JQ%2BS%2FBKLzrzDj%2FtnRw2yEjdTKwkfugBLCwD6XyGltB9rvN%2FNOjrGhGzMl8U0MREKaLYuKvWtRMFEks1qhRffjNFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730352efab503-OSL
content-encoding: br
X-Firefox-Spdy: h2


                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 384
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/plain
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 750730367842b503-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


                                        
                                            GET /assets/img/logo-home.svg HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3PZBM2x7o59eGtNdu5yf3a5bGYsOmSliXsUumaiX15EIKulWHGzXrIwM%2B7Thk%2FCPQ7ga9sGh3RZ8c68g8Yz6Ibk%2Ba%2B68%2FlDQcWiPEtWdu6HIz%2BbPgzW5q00CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036784eb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sitefile/sheets.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= sheets.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=32p%2FHLAdwHdnwH6SwlFQd4SdQ4qAREiuLeAtRrbW57xeSjCtTxjjx7JvuC9zlVkDmKZ233rTpNxFBAcaE5uWFUBIKZ198noCXKSaMGHMI30E7YDzL%2FtsgsdG0aO5hW9e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368853b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiZGY2MDNhMTliZGU3YjA4YyIsInRyIjoiNzJkMDczNDhlNDA1N2RlYjJlODNkYzFmMjBiN2UyZmEiLCJ0aSI6MTY2NDE0NDg1ODQ0OX19
traceparent: 00-72d07348e4057deb2e83dc1f20b7e2fa-df603a19bde7b08c-01
tracestate: 2885732@nr=0-1-2885732-286479549-df603a19bde7b08c----1664144858449
content-type: application/json
Content-Length: 16756
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144857.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857; _uetsid=426c32303d2111ed92e52fa706e6976a; _uetvid=426c4f803d2111eda3c8df5b273fd8ee; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664144857824.1464110858
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/plain
                                        
date: Sun, 25 Sep 2022 22:27:40 GMT
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7507303f3f02b503-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /user/gettimezonefromutc HTTP/1.1 
Host: api.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         172.67.72.65
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YfMeFmwCyerp7AAIVI4Jxfvi%2BD0A5hnf2XeHs%2FatX%2B%2FkYyH7E23oXIFW6V6JJDY8r1BMAHeCkOcO0Kf8Fr8tF9D0dG4ZrbtCPDTZ%2Bl73vIre8WFiTBHP61WAgyk5IZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730335a120b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sitefile/WhatsApp.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zb6bGokFiNbr0lmSP9BDCsSRaJnyKnkPmfxSMRGy%2BsAT%2FaqH3rr9Jew326cMAxwOBDuoug9HmjhX%2BLtdoxvaPUaiISZJ34Pr0wO%2Bu8XOsT720jkpvBqtSEPnFA%2FKeDI0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036885ab503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/templates-resources.svg HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:30:03 GMT
vary: Accept-Encoding
etag: W/"632d98bb-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vp9im%2FBmEAUjgNIiOahnzak2w7kivCeVuy0AwAq6elKWtbjuWIjoTJvxOLZTkpj1bT8mepJfD4cBv9UtXuLgDQ2GGCjEiDmn1kC87p3h5FK04uHcgMc0QiTt%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/vendor.523c4.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:17 GMT
vary: Accept-Encoding
etag: W/"632ac2ed-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVsnZFZNOKYX%2BWSdXkXuEUeBBpgHFymgVABH5k3Id1OYli4KAa2Hi68xJQGsvXcdGHB81b%2B5os05Mn14rJfvRzlB8attUEaG3xF4HXeiHNvMHsXtUBaPBLTg1UaMkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb87b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/css/swal.2ebcf.css HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:22 GMT
vary: Accept-Encoding
etag: W/"632ac2f2-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWRfxbT5eSvsw9vm2vo9sTjOCmt2aeoWcF3bC1M7EGqk9D%2Bmd2sZRfKW5CCvV0EIasaHRrxhNscA9ZmCXb42%2FjdhpVxY8Qek3TcGIHAAUDG2PF%2FbHm%2F03l4YDJuVJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073031dc7db503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/FormView.2d11d.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:11 GMT
vary: Accept-Encoding
etag: W/"632ac2e7-a5f2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=caAJBQN8KcEab6%2B1PIe%2FBMamq4HwOSfm8%2BJhruHp0uoBq%2BDolFl1sFAKzK7ONwr73pwnHNQShm4Lf%2FhUY%2F0mh4y%2BIB4JEQ5qltDVHe1e7Fr3qT2BkC4vF4E4lNvhow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730320ca2b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/help-resources.svg HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:30:53 GMT
vary: Accept-Encoding
etag: W/"632d98ed-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fz%2FvSqujtpFGbxlLT3XH4i%2FzGlpXUM5OTTE1qS8NNENkvEUwskvQo3i1%2FktpgiciczcopwSHlLkO%2BV87TNLPj6y46x0DPSKQ04yEAXXEaiRUgXEEWC5%2BpJhQQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/img/use/svg/apple.svg HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
vary: Accept-Encoding
etag: W/"632ac2d3-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OehQep7vkiq8CrFr1pLSRlGKq1qC4L8v%2FRBoTIzBOFC%2FN%2F1Mu6vgw2xdJ17lybsouP%2Fg6Emd6BGGWVb1D7Bw5bgM6sVjCNkqVR4m1%2Bi%2BbzB3ZztTqv5N6bEMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c886b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sitefile/trello.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= trello.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j72rRqCgBqV2%2F1i7UtIquqw5bflHmNj9ZTXyVQHZEwcPbvJ%2BoqnyhBlmwNEJpKSMSWiNMNQa6cSVDxoIH5Q5g97M9ZH%2F%2Fz7HnJlHYDQm2mZG9uJmTHM%2F5krxPfPev80L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368857b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/img/logo-home.svg HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jdyu3P7a01XqVuVg9h253hbIL3xyNGD2LlxKKdLaylhtvx2kFIomMCBvAL6ixHvw62as%2FpQCfzUvqZvAudJl7%2BS4ipvVT8l9nBwzG3SXcmjvBm19h4usZIow4n9CCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730351ee8b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/asyncstyles.7792f.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:52:54 GMT
vary: Accept-Encoding
etag: W/"632ac2d6-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0HiSoV3HSNS6yIpyPO%2F9TMNQfaPx2YI10ObJHDhpoTbQa6JZm%2FAHvTGxW9r0WpBWGbdrB4QPPv2dFd3lTXDRojb4r8aBvvl8eY30fBlkCqUb2IXWjDd3IF3YsIkgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb82b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /phishing HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/html
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:31:32 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbMYoNUrRuwTwn3KIBZXq4CiYyRu7FYwtKuGsP49sJy2pEqx1iJOy5Q9%2BOIStWBgz72sZKv6M5%2B886cpLGBUNwb8uLUnsvEwJgyvbB4Ddl0TkpAFJjlndXlYjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073034fed6b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /static/js/app.8fc17.js HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:52:56 GMT
vary: Accept-Encoding
etag: W/"632ac2d8-3f33c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTdtmocBsT45z%2FwDNvSJ7cylIdN%2FxEUCMOmBetwam01pmpAWwdIxdbNW2fjP5p25xpJPTdUwxiUVTrM2xjWVUyLZ0EBjRKrVaKtHgVy095tVrsSU8V2gHMLLLgh4%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb81b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/blog-logo.svg HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
vary: Accept-Encoding
etag: W/"632d9857-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WV7I8sKa%2BjLOSZLSb1ZnATTqGX5yYbRCROKPowDxagnWAgNnrlEiP3Hedu6luJqXvI%2BydYsrmA9FFnl0vyu5J%2BgrvSh6tM840WSSHkqWO6PPzxzZ%2Fj%2BNypaYBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036884fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sitefile/Google%20Analytics.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoodXKHGIktlqSi4Mc7eAeuYikfQfVlZ4lEma%2BBOjGq3Lh%2Fp5CA5nMoGrVNOIbq%2FS%2FkrFYHIIYJEcOcIS77mQ58Q7y3vkLrgxAFpwSOSELgKKwftts7ptAu8Jp4rXtsz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368859b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/js/lazysizes.min.12809749.js HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4oIy4s6W6Dw6eZEaV2r71igP59franlh%2Be056%2BnqGXJyS%2FDkbobQVgXNTsrACTBA%2FAl2Fl%2B%2FDvk5sGmhCuuDKrd7K26U6YAYRK%2B8FzjPkZ1tP3R4yeeCWAKVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c88db503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sitefile/airtable.png HTTP/1.1 
Host: file.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCP3g%2FcbqRRr2s0B66xsHEi%2FaUU8tLSmjYzmXeDP1kwjcpk9x0OuqMeckAynFE7eEJZVBjycFZ%2FxGaB641nmkCbpV%2BTkUxApIcsUAqM1L83kmlSPvk01tP%2BK%2FOxSvK4s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86ab503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/css/asyncstyles.4869d.css HTTP/1.1 
Host: my.forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.6.145
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:07 GMT
vary: Accept-Encoding
etag: W/"632ac2e3-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tutZGPrJ6kLWgtTnbxw%2BAQlvPu8I9NZNnFOaHB3OBlpoHn7besfjIHPP9zj%2FQq7wdHmG1zz0ejXAS2Orfr4d1G7q%2BUKZegoMrTP1slE3MMNIJ8D8908Se5OCiK1EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: forms.app
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144864.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857; _uetsid=426c32303d2111ed92e52fa706e6976a; _uetvid=426c4f803d2111eda3c8df5b273fd8ee; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664144857824.1464110858; intercom-id-tt7hkkgs=a2665875-3c9f-4137-acad-dc167515391a; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: text/plain
date: Sun, 25 Sep 2022 22:27:45 GMT
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75073063aa4db503-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
172.64.156.26
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
date: Sun, 25 Sep 2022 22:27:37 GMT
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75073030e9c5fac8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 22:27:38 GMT
date: Sun, 25 Sep 2022 22:27:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJVYKrq1pwbbIYiChahh0faxmyrA8dd1CwTySbDQNEj5ar8niOQ9QskYJMKaHX%2BWv55DglF2eJ0I%2FmjfH2QMspCmE0ZSVF8wqWayjTn0uiX4sGMLJSBZDiRdIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036b882b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/css/app.bb6f5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: text/css
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:52:59 GMT
vary: Accept-Encoding
etag: W/"632ac2db-12356"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27f55VxsJbsvdmejxL%2F1%2By2vygyPUYeGbN31Y6EfnF1rRx%2BR4A5ASSllxaL3tTPdwf%2FrxQjrWZM15cQCJCiip%2BKaV%2F56g0iVrDQPGTI0YsLTC2lFlfyQDOl53ZaDIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/png
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= slack.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WEZs2IT9A6G4I%2FmM5gZok%2F2cUiwP%2BEHB7qFtKSLhb7fxYNKC0xa%2FnZo3d92Y99hQKbVs3vtRFtL4CePkmk8SSx3qFLjmXZFLYeGuC0DuwfHRf%2FWtA7IfPAw8GXQ8PXKm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368851b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Txutg%2F4Ypr9pQJm1A90QKsxbCCgUj5hKNKafFDjvksVpBsKVPyPGubGuHPgDfhT7JYt1ZRgKZffoiNWkJ6OiB0fm4eIuR6pBsFW4w0An0kln0Q1APKrpipEKUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c887b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:09 GMT
vary: Accept-Encoding
etag: W/"632ac2e5-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9TIhV7yj%2B0rWt4y7qPtPIaJOTzIZlG7u1z4tKb97iJIP3NG8HcZ8c99dVuvufY36AoQ5lb9j%2FijjRvLNW5sq6CdRgLbMf%2FpRYhmIysmezft3iy%2BXLGMgmgBk4HoQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb83b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: text/css
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:22 GMT
vary: Accept-Encoding
etag: W/"632ac2f2-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYYp%2BAadfR5QqiZ8Y7Yr4DygVPHmajtv%2B39aT7I7IdRQ3KhSgAJNHDydMHhKoMeLgy%2BJ78806hRAiVVe9E3DJc8i1qsy9z2bs37KmuboBWlV37VmxOBce6Eu6XclLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073031fc8eb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Wed, 21 Sep 2022 07:53:21 GMT
vary: Accept-Encoding
etag: W/"632ac2f1-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eB2grCYJbTgwkVNUQ1exIINaOb8KfL%2BmzhYCbJXXlasxq7hrf0B7OcDAU9yEMzyj1tBWmoQBnKACMo8PCmx9W2CGhPcwze2HRJXSgRpbbPfzoCRi5I9wwPrkjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a872b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zEbcKqLG73htVjvOS2lKD2%2B6ordWYLUccsMaxWUnVJNd6dFyIY7NzWOFiavSSC4tCb58py1DP7Cc48N7NFoUoQcqID4d%2F8h3d%2B7ziZ2UnOqCbeZPF5N2YZKvOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c88cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /vendor.58bf4134.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
54.230.111.62
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103175
last-modified: Thu, 22 Sep 2022 09:02:20 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: eos8xj9gnlmhlNfXzSYn.0lvA6_CiGy2
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 21:03:41 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "c5c7554fee6470af01ca223ef9648618"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: L3IUzy5jcNuXLuL-5Zkh9Oywr8fYUf0Yo4anrEdcpxCvOYcIzWqGjw==
age: 5039
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
104.26.6.145
HTTP/2 200 OK
content-type: text/html
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GOh8kVxypfl5ATTVqymjIFDkM1Ej%2BI3kbjHZWmhv7fi9EUyPMziUThLPk4FBA%2BhCvYkLlqejvL502AbHs52Vl6ke%2FYrg7pLS%2FSQ12rqhrvYRjkzoXvCYHrRjLjUlKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7507302f1a2bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 25 Sep 2022 22:27:38 GMT
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
vary: Accept-Encoding
etag: W/"632d991d-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkwT9%2FwjyGr8HrXaJmRoHGqvZIMvy0RzInxH%2Bw2qlh3ZAnhV%2FoXxIXjYrgHRBGdTgfxg9U6XC87tQhO6fXWDyPe1G4mIGu1frkX%2FA7d%2BnYcBjTj0cbdku%2F86Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/png
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= hubspot-crm.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KLiJ9OJgdedRpYhWrccKafVhERQYSlO%2FwxL1Bf%2FYIDAefIwKkmXVg32%2B7FUbX2ZwbgHslmPHPXBWatXFI5N7Yeal%2B%2Fb8%2FSPoJ1rGS3ataSAi7XhyKO3lI90FprhpHy3N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368852b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: image/png
date: Sun, 25 Sep 2022 22:27:38 GMT
content-disposition: attachment; filename= Notion.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osQRMAcERi68dsKkREvyTdEvDIHaB8%2B7iOdQnn5nCXwp2v9rr%2FuPamfUlNeScKvFtEbln4luGfz4CDFCCwW%2B7%2FQFPF16qsvbEKR9ljIk%2B7HaoU%2FI3lwWf%2B0cJcktMlOB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a869b503-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.26.6.145
HTTP/2 200 OK
content-type: text/css
date: Sun, 25 Sep 2022 22:27:37 GMT
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWJaWU5oR8wTArtTipc43DkrH9eKxrw387yvhCAzuvUFormmd2ZK9vknv%2FYJX8oOWzD9bBj8%2FKFc%2FHHQt3CRzkzIXJfeZAXE1cNzNj6V27URYXAO4j1eCiSbtXJftg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb78b503-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---