my.forms.app/form/629b6312bd94a175bb849970
104.26.6.145 301 Moved Permanently 0 B URL HTTP/1.1 my.forms.app/form/629b6312bd94a175bb849970
IP 104.26.6.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Sep 2022 22:27:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Sep 2022 23:27:36 GMT
Location: https://my.forms.app/form/629b6312bd94a175bb849970
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqZ131dFeNDvtQp%2Bp%2FQl360hsEGgsrPJVSA92piojvxD1ZKFaeMDi4m%2Bpvs1FX0h%2Bx3%2FGxgQfiPvfbpTBdknAxSA4g%2BkxHBI1Xheou14yNjbJqrXFHcZwcAHjkTzdg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7507302aab2dfac0-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9591
Expires: Mon, 26 Sep 2022 01:07:27 GMT
Date: Sun, 25 Sep 2022 22:27:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 22:15:14 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jCPfLhsOchp32OSFcaxuFRncd4URPaOERVlA8xk_8-h_K51AT9YSgQ==
Age: 742
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3e81b5bd7bd8e12288a8159e44ceb3f
977945964ffcbf49ac78f840db9da822c50c82f0
4721814da286852318f7ebf9857bd4bf01f0beea2c9eb7ddb9f290e3fa472232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4721814DA286852318F7EBF9857BD4BF01F0BEEA2C9EB7DDB9F290E3FA472232"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16156
Expires: Mon, 26 Sep 2022 02:56:53 GMT
Date: Sun, 25 Sep 2022 22:27:37 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3nAI/ks0I73LhulxMZTDhTOXe1tW/nFNkbHVC5KOG8ZYh8wG71wiuD3ynLqSVBO63Gxypf5kc/Y=
x-amz-request-id: N7YDWM9Y6E8T8ZJ0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Sep 2022 21:48:23 GMT
age: 2354
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7559d4ebbe2ad94ff80914e879c29d27
9bce0a737b4aed4c6f58f3b32557d8c5fbc0cee7
f8eadbcae394c24100ce9a7ba8faa01a02e7c86b3a392a8c6741fe522675f81f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:37 GMT
Server: ECS (amb/6BA9)
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 22:04:17 GMT
Expires: Sun, 25 Sep 2022 22:19:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5FN1jkOWAy8jjHDha5RrLqZbcQZcN855eVOXjPWo1xF0rNZ4-bAgzw==
Age: 1400
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2395
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:37 GMT
Last-Modified: Sun, 25 Sep 2022 21:47:42 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
my.forms.app/static/css/dcomponents.77be9.css
104.26.6.145 200 OK 2.0 kB URL HTTP/2 my.forms.app/static/css/dcomponents.77be9.css
IP 104.26.6.145:0
File type ASCII text, with very long lines (6851), with no line terminators
Hash 4ee626adf199e855720aae646b5aba6b
7643048b9ff77d47d08afb8d67fbb859c42da072
bd89e9c94008a184f41acacc6cec079b5ec94b4ff26e18724945dddd7bfdd398
GET /static/css/dcomponents.77be9.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
etag: W/"632ac2ea-1ac3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbYCHpRy3TlXLQJfddlQN8w7xu4foKlamPtefwgo9wXFDRcfsl7090RFjZd74G71iB%2BaQI21PeU2n1dSXwv8ghCsVGukqKAJfLMy77RekzNkstzg58RoIYvgMm%2Fjcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7db503-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
142.250.74.72 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP 142.250.74.72:0
File type ASCII text, with very long lines (15501)
Hash 7a0162b796dc5775c9d4689f789e314a
e785e665bfc895d4696814332f6b8aaf4f9aac2e
07dee2e0fa52597062820564c8f6e05ae4dcd04f94ef8186bacb597f561e53d1
GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 22:27:37 GMT
expires: Sun, 25 Sep 2022 22:27:37 GMT
cache-control: private, max-age=900
last-modified: Sun, 25 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76136
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.forms.app/static/css/iicon.8278c.css
104.26.6.145 200 OK 3.2 kB URL HTTP/2 my.forms.app/static/css/iicon.8278c.css
IP 104.26.6.145:0
File type ASCII text, with very long lines (574), with no line terminators
Hash 39aff49b710b2b294255f281905c5cbf
63ef822bda2e30b90f62e23eeb9148ad63221a35
1122e7274189be2858cdbeecb637ce8c4613641e8694be1724df799bae7ddc03
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4IgWavpvvYZ73F%2BWubgD3gGWsT6euVeFUwAkiqL%2FeOER7nbn8OMGMssqMriq4m%2FwX4k37huhYe3LnNsggMLl3hzW9pN7ZrMPrez82julFl5HNjohCMvizd7FvNOtYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.212.166.60 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.166.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P8rXnqIZyv52ygdEEhlSTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jsg+N9AgvrerQEY5/7g2OZo9Pyk=
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f09a18ffd47757d6303864753f40a57c
6f056a04785c83dae4a4f40eaac5ac34a5a391f2
9969afe37e2b095cd931423fcc9dbfaa9a751d81a055bcd8f77a1aa7a51bd72e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/js/runtime~app.4691c.js
104.26.6.145 200 OK 37 kB URL HTTP/2 my.forms.app/static/js/runtime~app.4691c.js
IP 104.26.6.145:0
File type ASCII text, with very long lines (24538), with no line terminators
Hash f9e7bfa938b6df8220f340eae44a9dbb
987a75c058083cf25a7e4dd88d9ef0d0d6602bae
43e8d99824c3307887a0e848d496c6744a3dcd3ad5a65f32d1a341b28d3df204
GET /static/js/runtime~app.4691c.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:00 GMT
vary: Accept-Encoding
etag: W/"632ac2dc-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWlwHwEnpYbA8flRB%2B1fhXM3iUoAxL%2B740IigzMLvKuXpRE3v5AZYXA%2FuPQ69nJMpiY%2F1NAaAbFPyirs%2FWag9EfSYFxx6EkdgQp2jo3ufvkZ6zQY9DZpceVgpLC2JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb8bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f09a18ffd47757d6303864753f40a57c
6f056a04785c83dae4a4f40eaac5ac34a5a391f2
9969afe37e2b095cd931423fcc9dbfaa9a751d81a055bcd8f77a1aa7a51bd72e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 102373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.forms.app/form/629b6312bd94a175bb849970/view
172.67.72.65 204 No Content 0 B URL HTTP/2 api.forms.app/form/629b6312bd94a175bb849970/view
IP 172.67.72.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /form/629b6312bd94a175bb849970/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 25 Sep 2022 22:27:38 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PC%2FrvTcdFo7AgdTqHNcWg1UyDGb6MMBIxWhW17NstFX1uTik8bG4dbVJ4iS9oQcBu8bxVal%2FLd8r%2BLL5ab2F4kA2av0ZJm3xzs7FOTZZ6BYj0qo3ML2xgTr2VZvMJ0c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730335a160b65-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/iicon.59ea2.js
104.26.6.145 200 OK 4.3 kB URL HTTP/2 my.forms.app/static/js/iicon.59ea2.js
IP 104.26.6.145:0
File type ASCII text, with very long lines (13470), with no line terminators
Hash 19c9b06549fffb29627353a592c704ee
e6d50d92754f64aefb0e75c26d48d7a24ad3b593
88cf635f3ed1ffd84f68f00b0338812384a4c620dc94a05e98cf7c3fca808c52
GET /static/js/iicon.59ea2.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:44 GMT
vary: Accept-Encoding
etag: W/"632ac2cc-349e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m3yZyfSOzupMwkriicRDGlumSbeqxZTnbTFBZ2neY0RpdCI2u8QY8gr7YSmkpfcw5ngwhXDclTlIScTiLxvy3KS4aelaWSGXH0i5RUnVtKAipEqGusn%2Fp92Wr1rKSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb84b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
104.26.6.145 200 OK 8.8 kB URL HTTP/2 my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
IP 104.26.6.145:0
File type Unicode text, UTF-8 text, with very long lines (12156), with no line terminators
Hash 1eab312add3586d7eabae12dfd20d552
8b5160159fa1b2e4389a72f939cc242d3f336b63
18bc0540e29a4a39e59f4dc1e669011f50b2c29caa634f951bcd2c4f5ba2764c
GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:25 GMT
vary: Accept-Encoding
etag: W/"632ac2f5-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjAEU3TU9XGISImymft8VHHmJf3PXkCAxtDX%2BKmRGE%2FWLNVMfXV5nVM%2FhnLaK69eTtZ9ICKPqu8LuA228AxtUZ3F9RVl1CBWbSe5qbEXw3LRfND9VE81N5wmz63YUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073031dc78b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dab3e5282ac0f1ca4b167bf147382439
746358bc1c029a5ddeb3f8679020f07109f9fbea
fd299b43eafa48b711fafa6509c1d7580681e2a11ded1c24678e76a9fcef555d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6442
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Last-Modified: Sun, 25 Sep 2022 20:40:16 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash bc7883d0a03d9c3559288a600fecc70a
b0e538996510ec8c861264cba4bf79fa73f6f7d6
c3bdc9bb12c7c951ca2d861c95156de2c724acc82386e882864c464132e07ac3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash bc7883d0a03d9c3559288a600fecc70a
b0e538996510ec8c861264cba4bf79fa73f6f7d6
c3bdc9bb12c7c951ca2d861c95156de2c724acc82386e882864c464132e07ac3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/img/form-disable.png
104.26.6.145 200 OK 7.8 kB URL HTTP/2 my.forms.app/static/img/form-disable.png
IP 104.26.6.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 132d5df78ca2b88cf07963c7ecee1023
2cfd65ba9bb62a3d954ceeafb37ef9757a79188a
1e88533f5ec84f1b51bcc82801af0017c0bc0470a7841eb1a5a041df42f40baf
GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/webp
content-length: 7820
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=9896
content-disposition: inline; filename="form-disable.webp"
vary: Accept
etag: "632ac2d3-26a8"
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2060
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pn4hWbYIYfmpnG%2FLjQew4HXuJYnsCnkEdG09EhH6JFtUdD7QIkdKHgI7Qosv8wyL4n%2BM0DnQquc6V7iIIJXgWYjnhbWs6Ejp%2FGEXS8btYea4JWNxg%2F8E7RjfHBQ3hA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730351ee9b503-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/formsapp-logo-white.png
104.26.6.145 200 OK 1.9 kB URL HTTP/2 forms.app/assets/img/formsapp-logo-white.png
IP 104.26.6.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8edd3c97094fa7a2e082915e5704a9bf
a33b8b4cfa61188431fd90374e857346277f1590
34484856915ff1c164ffb80718c46a3fd1314e6c7484b1cc2918223d65590ca9
GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/webp
content-length: 1902
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5999
content-disposition: inline; filename="formsapp-logo-white.webp"
vary: Accept
etag: "632d9889-176f"
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Aw%2B2yYIligs3w8AcHTRXMJZ5DTctzdNp9J3rYKTpCYWLhDxlyyK28cDn2fE78hl2GaUw4hQRGzpk1cetBZayQYUwh9Uy13mD9%2BkaATgAMWuDE6KCF3BXXiSIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036784cb503-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/form-builder-blank.png
104.26.6.145 200 OK 149 B URL HTTP/2 forms.app/assets/img/form-builder-blank.png
IP 104.26.6.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash eab6bf754eb6a790cc1240262c1c3a29
9ea4eaac5215410d39dadda7a62e8b287975521a
d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-length: 149
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
etag: "632d981e-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G92e3IPEiUNJqkhXJJjMF%2BXIbYsS5%2Bnw1Jm8WcE2LRdXzm1w7ZFVbBUsBJ2ekLOCvd4oDJGlYycJ%2BMZD6D%2BrYiwDvnJK9TNPc2kO0fhDbI8xB54sYXQgc6m8Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a870b503-OSL
X-Firefox-Spdy: h2
forms.app/assets/iconfont/iconfont.woff
104.26.6.145 200 OK 18 kB URL HTTP/2 forms.app/assets/iconfont/iconfont.woff
IP 104.26.6.145:0
File type Web Open Font Format, TrueType, length 18416, version 1.0\012- data
Hash 64f7aa12b6b4451be569df62604435a5
45ce2923a9a7c71988b1528c07379233bae693dc
552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42
GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
etag: "632d981e-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dACi7XAExDhZKsru5bBI7DJuTOIy6vY8TMaf%2FVJ3EhuhYIxXspTT%2Fdzsv0KyN9ePJZKWGFdskrnuvtME%2Fm6rU5KR%2FyoBCHjObMHGe9TMK3Am12dHES4MYzIJ0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036d88eb503-OSL
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 20:41:09 GMT
expires: Sun, 25 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 6389
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121 200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=49797
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
certify-js.alexametrics.com/atrk.js
143.204.55.109 200 OK 4.3 kB URL HTTP/1.1 certify-js.alexametrics.com/atrk.js
IP 143.204.55.109:0
File type ASCII text, with very long lines (4255), with no line terminators
Hash d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: V0kJPkkTDLLONsXawoE4fQeHfjdH9mRTG1jMXVwzvDjmm5COif2S9A==
Age: 3781535
www.google.com/pagead/conversion_async.js
142.250.74.164 200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 25 Sep 2022 22:27:38 GMT
expires: Sun, 25 Sep 2022 22:27:38 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200 200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=2E84BE3806F36C62228BAC1207066DDF; domain=.bing.com; expires=Fri, 20-Oct-2023 22:27:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1BE3D08B91AB4239AE9DA17734C8F2CA Ref B: OSL30EDGE0206 Ref C: 2022-09-25T22:27:38Z
date: Sun, 25 Sep 2022 22:27:37 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9816a34aa982a32c75960dea9eafeb8b
c7e109045ac10b4a16db658cab522d76260ad913
35e739f34c5de6ef430dd444b8a4dfff2fada8de37f67d460a43ab9e0697032c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
file.forms.app/sitefile/wordpress.png
104.26.6.145 200 OK 15 kB URL HTTP/2 file.forms.app/sitefile/wordpress.png
IP 104.26.6.145:0
File type PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Hash a8142c5209c37c282b68fe91ef4d90d2
5517c445e6a7cd9a77cba083056517e778c31845
95db53e57aec02cb8cec31dbffdc57409ca3ab9ac0befb153bc50de23cbcd307
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iD2eZZIyvIxFKW3U34C09A7FZtd6dQzdGRumyVrP4LfZmOd4hv%2F%2Fuz4Kif6tOZQL%2BjDKIoYJahhBsDC%2BbLwVh8FyakD4K3l4GNQZaM6rqxJdIakTf4AObo6E8O64xWz1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a868b503-OSL
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: XzvRJAnx6a8iaA5+C+vBCOaEogeFCf/q2TntX7xIeA49nyw/HSDDg3ntD2XUctEk/pSsdMN4Uycf8/sHrfzzQw==
content-length: 26840
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 22:27:38 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4474bfba80fa3257384d1c908e1353bf
9a2869a3888743d575e6f87d2a7479d5d97fa123
63378e949c0ea9564e7660ea0522ce7a59727a0a5232b81b77f8525899f67a2b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
file.forms.app/sitefile/excel%20copy.png
104.26.6.145 200 OK 9.4 kB URL HTTP/2 file.forms.app/sitefile/excel%20copy.png
IP 104.26.6.145:0
File type PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Hash b89fb2e1827687f9c27bcb670034048e
ddea09e99905551939a14f3e1719b49a7a6357a0
032895f25980e032f78b65532193015530a6c1fcf574bfaa542b17e960d94e57
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2ydV8EanqjBya19IIYcRbzaE83A7F8gdwituxxBpCM7lFleupNl1E8apF0EegR2fxWC%2ByDH0p52WjNUuUOhVIlvBoYCAUBlnkz0tnJuNOApaBU6rsQOL1yPZNh7Yqyl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a867b503-OSL
X-Firefox-Spdy: h2
forms.app/static/icons/favicon-16x16.png?v=1
104.26.6.145 200 OK 916 B URL HTTP/2 forms.app/static/icons/favicon-16x16.png?v=1
IP 104.26.6.145:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 7b4d7d6e0968fe900568920543a5876e
c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:39 GMT
content-type: image/png
content-length: 916
last-modified: Wed, 21 Sep 2022 07:53:04 GMT
etag: "632ac2e0-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkZbdhMXKe09ugGB2jj5ufGUyUmoWW5dV5wZm93uUnfoinJyTG%2B08ANFDQktTQ94Q967WiURbXxSpd%2FgOeLf6YWEbbBgV%2FkoIp7nbEdto56vzGPe%2Bdgsq4zUsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730380979b503-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dab3e5282ac0f1ca4b167bf147382439
746358bc1c029a5ddeb3f8679020f07109f9fbea
fd299b43eafa48b711fafa6509c1d7580681e2a11ded1c24678e76a9fcef555d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Last-Modified: Sun, 25 Sep 2022 20:40:16 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
forms.app/assets/img/phishing.png
104.26.6.145 200 OK 5.4 kB URL HTTP/2 forms.app/assets/img/phishing.png
IP 104.26.6.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 486e845db3badafe650b2488a8051844
b6c53a5fe798d41e3c016d9b6e9587b0aca894c9
13cbd9356bccfd1e91054818c417a05a937a14965dd3ca6a18f4ad9699cd0470
GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144857.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:39 GMT
content-type: image/webp
content-length: 5380
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=16006
content-disposition: inline; filename="phishing.webp"
vary: Accept
etag: "632d991d-3e86"
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2060
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgwgcxIN8ZykknYTgdj8rTtSR8HkCO62bWdY7n%2BkivISnfopwqTfmg88722abYoCkp8USJvmycVWUYLHJZH5YLYnkpBczQ9FdTf6xjTfSvGP3HwiVWS5P75vLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730397a5eb503-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12270
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 22:27:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12270
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 22:27:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12270
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 22:27:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12270
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 22:27:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12270
Expires: Mon, 26 Sep 2022 01:52:09 GMT
Date: Sun, 25 Sep 2022 22:27:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef17205adb2b478d3bff54b048208d22
12aac1bd22e675f09a220de08b4656e801c2e647
620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pt7rJi8EIQFBk0gHQZ1WnjvThPba86XZCGFs83l1ZW2dj-_6bZprAA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbad0bb4-9ab3-47a9-80fd-6567993349dd.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbad0bb4-9ab3-47a9-80fd-6567993349dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65e3b72afc2f13978ee80cc87dc289f1
78a82653eb0e5aa4f1355c13b665da44a3412024
9f3a89f268fca25f5a6c7319b1f8412a193cd73bc9c8f4c5a9d294582df3a57b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbad0bb4-9ab3-47a9-80fd-6567993349dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9352
x-amzn-requestid: efae9f72-8dce-4899-9dc8-c6cc9b4b2540
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvwFwWoAMFmig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-744ade88393a83467fea2b97;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NOu92heW0-RynLU34xGoSq36WGjOu75Ukkd8IA3IoQ2FMHFUMlkJrA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "78a82653eb0e5aa4f1355c13b665da44a3412024"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8703b7f0-bb10-4a43-a50f-a8a5c8857499.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8703b7f0-bb10-4a43-a50f-a8a5c8857499.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38f828e3aa86057cc3b686ca9d4accc5
c529507a70247c7e03c849c3ff45f93eada6f0c4
76016d51352ff6a8372b92206119d88747600874ecee5315573ca4e539e03c6f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8703b7f0-bb10-4a43-a50f-a8a5c8857499.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10045
x-amzn-requestid: a01e6cef-fe8f-498c-aa68-2603a66b1121
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvwHPwoAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-1a4405e54c54eccb4f0846a2;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dBJjUHYsSR4YA1SMcbZJ_iNdvPOhtXlltVN3f36IduFe2h2zsMT_Yw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "c529507a70247c7e03c849c3ff45f93eada6f0c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d79a3a5bd7dc7aa6cab306176fafd11
0d5cb1f3e3ea510308034a5e569c0e65fae30835
57979dfcf6fdc76f04e4790c2b94b876e188ac780aa49d9bfc8a58c498dc4203
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f39b5b4-f60c-42d8-9916-f71d7998f158.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: e7b997d7-f9ce-40c6-b9bb-372ee10d8ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTAfEX5oAMFcHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb9c-31e295e33ead940f381121a1;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:43:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p7rimTrmOgUnwPuESSKSrsWlzhiSBJYx9h8XIacxP8DUyyvXye2iyg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 2263
etag: "0d5cb1f3e3ea510308034a5e569c0e65fae30835"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accounts.google.com/gsi/client
216.58.207.237 200 OK 83 kB URL HTTP/2 accounts.google.com/gsi/client
IP 216.58.207.237:0
Hash 7f909e0ad074d83b5765824c93f28256
3c0181aab7b7ebb76818d3517abe257dcb6e3c77
07d0607342674c0ea4d6541b515dbec6b84f1bb2d6cb106c91b8943cac27dbe0
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Sun, 25 Sep 2022 22:27:39 GMT
date: Sun, 25 Sep 2022 22:27:39 GMT
cache-control: private, max-age=1800
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-Fx2-Wq6_iTOuWe_NFtT9sA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:19 GMT
age: 3020
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664144857375&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=18424211414&sess_cookie=a8f56e7118376c3591e7e890934&sess_cookie_flag=1&user_cookie=a8f56e7118376c3591e7e890934&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
54.230.111.59 200 OK 43 B URL HTTP/1.1 certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664144857375&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=18424211414&sess_cookie=a8f56e7118376c3591e7e890934&sess_cookie_flag=1&user_cookie=a8f56e7118376c3591e7e890934&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP 54.230.111.59:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664144857375&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=18424211414&sess_cookie=a8f56e7118376c3591e7e890934&sess_cookie_flag=1&user_cookie=a8f56e7118376c3591e7e890934&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 25 Sep 2022 02:09:43 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BF3x39GFtyB-gs3gZA3h9hrTC262oEP5pdsyC1PIZN6q5HgIKWmMRg==
Age: 73077
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=a93c6cd8-aad2-4fab-9c43-df716457aae8&sid=426c32303d2111ed92e52fa706e6976a&vid=426c4f803d2111eda3c8df5b273fd8ee&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=491&pt=1664144856792,,,,,1,1,1,1,1,1,19,207,208,213,485,490,491,,,&pn=0,0&evt=pageLoad&sv=1&rn=337318
13.107.21.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=a93c6cd8-aad2-4fab-9c43-df716457aae8&sid=426c32303d2111ed92e52fa706e6976a&vid=426c4f803d2111eda3c8df5b273fd8ee&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=491&pt=1664144856792,,,,,1,1,1,1,1,1,19,207,208,213,485,490,491,,,&pn=0,0&evt=pageLoad&sv=1&rn=337318
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=a93c6cd8-aad2-4fab-9c43-df716457aae8&sid=426c32303d2111ed92e52fa706e6976a&vid=426c4f803d2111eda3c8df5b273fd8ee&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=491&pt=1664144856792,,,,,1,1,1,1,1,1,19,207,208,213,485,490,491,,,&pn=0,0&evt=pageLoad&sv=1&rn=337318 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=33E36A7EA339624D38037854A2CC63EA; domain=.bing.com; expires=Fri, 20-Oct-2023 22:27:39 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0196DD767DB74A6AA663C0A5EE9A6F7D Ref B: OSL30EDGE0206 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:39 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 1d095ec6a56142cb2084481b06881ef4
82ff236023008fbfb871aaa7c1e976e0cf15e91a
791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664144857459&cv=9&fst=1664144857459&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1557510503.1664144857&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.34 200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664144857459&cv=9&fst=1664144857459&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1557510503.1664144857&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.34:0
File type ASCII text, with very long lines (2302), with no line terminators
Hash 90972db81d7f2944b96cfbd1185ead65
42a9ab6d04ac5deac5664958acae3c788c64f152
90fab6f2acdd66da9ccf04262fab4dfe7fff9485b509e55b417a5eba1a92e121
GET /pagead/viewthroughconversion/587928374/?random=1664144857459&cv=9&fst=1664144857459&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1557510503.1664144857&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1036
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 25-Sep-2022 22:42:39 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/137024713.js
13.107.21.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137024713.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=33326066A08362E438C0724CA1766320; domain=.bing.com; expires=Fri, 20-Oct-2023 22:27:39 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 419F79128B2E4AAABE503B1C18A9834C Ref B: OSL30EDGE0206 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:39 GMT
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&gjid=936619456&_gid=990757285.1664144857&_u=aCDAgEAjAAAAAE~&z=1001427146
64.233.162.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&gjid=936619456&_gid=990757285.1664144857&_u=aCDAgEAjAAAAAE~&z=1001427146
IP 64.233.162.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&gjid=936619456&_gid=990757285.1664144857&_u=aCDAgEAjAAAAAE~&z=1001427146 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 1d095ec6a56142cb2084481b06881ef4
82ff236023008fbfb871aaa7c1e976e0cf15e91a
791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash c9184176dc8ee17dde36e56793d6c712
dc24f988348d560a0e8cc839e1a5dd3e5c58d1bd
6eab0e6e1beb6f67a28f418973097f2ad0fab0077bff674b0dbdc3f4c01746cf
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 22:27:39 GMT
Last-Modified: Sun, 25 Sep 2022 21:08:22 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NwViAFiKWwx0CW7ThqLnCvFlX01aYVpmMe2ZXfQ2d9BRihe2LDMOVw==
Age: 4757
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664144857444%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJEa92yGVF7VAAAAYN2w2EW0ZA3xPWAbvsQV1b45OUkTJvgZ7dFB70H-ivI_0TIjCAK-ZApi2P0GQ; Max-Age=2592000; Expires=Tue, 25 Oct 2022 22:27:39 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIGoMF9SSdTUQAAAYN2w2EW0wRbbmtFzphmYdpPwkZlrI2-SFY8uXUYer3ql-N-YlLMrNcZDzoUS74PxN7zyQ; Max-Age=2592000; Expires=Tue, 25 Oct 2022 22:27:39 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&5475603d-cefc-4835-8c51-895deff60e22"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 25-Sep-2023 22:27:39 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664144859:t=1664231259:v=2:sig=AQFK5lY_ck4oO4xroAoogaUT9TuwbuwY"; Expires=Mon, 26 Sep 2022 22:27:39 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph+szGnVE8lHUsnceww==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: D1A7D810E107421F9677EBC6BA4F867B Ref B: OSL30EDGE0307 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664144857825&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664144857824.1464110858&it=1664144857491&coo=false&tm=1&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664144857825&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664144857824.1464110858&it=1664144857491&coo=false&tm=1&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664144857825&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664144857824.1464110858&it=1664144857491&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sun, 25 Sep 2022 22:27:39 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
35.82.251.53 204 No Content 0 B URL HTTP/2 redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP 35.82.251.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 25 Sep 2022 22:27:39 GMT
server: Server
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&_u=aCDAgEAjAAAAAE~&z=592343701
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&_u=aCDAgEAjAAAAAE~&z=592343701
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=450126566.1664144857&jid=780630682&_u=aCDAgEAjAAAAAE~&z=592343701 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/587928374/?random=1664144857459&cv=9&fst=1664143200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=683492286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/587928374/?random=1664144857459&cv=9&fst=1664143200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=683492286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1664144857459&cv=9&fst=1664143200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=683492286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 22:27:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 22:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664144857444%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664144857444%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664144857444%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&5f557033-4473-4e2e-8bfa-7c702525ff55"; Domain=.linkedin.com; Expires=Mon, 25-Sep-2023 22:27:39 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220925222739ee040ac0-abb7-4dae-84fa-3fbe06c14110AQHQf2xXdgYMoFE_ijF195uqE7JXDA2B"; Domain=.www.linkedin.com; Expires=Mon, 25-Sep-2023 22:27:39 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjQxNDQ4NTk7MjswMjFcF6cSKE7QzwRo3RiLftjpY6lsOIw3bDW+Y2o9Lxk28Q==; Domain=.linkedin.com; Expires=Fri, 24 Mar 2023 22:27:39 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664144859:t=1664231259:v=2:sig=AQFK5lY_ck4oO4xroAoogaUT9TuwbuwY"; Expires=Mon, 26 Sep 2022 22:27:39 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph+s3zmVio8LVDiwfSQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 863F05C0899B49429A6B151358256E36 Ref B: OSL30EDGE0307 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:38 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1664144857444&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&78e62d5b-6d4e-4cbe-8be4-3101676a1cf3"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 25-Sep-2023 22:27:39 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2349:u=1:x=1:i=1664144859:t=1664231259:v=2:sig=AQFK5lY_ck4oO4xroAoogaUT9TuwbuwY"; Expires=Mon, 26 Sep 2022 22:27:39 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXph+s66xdKJN3zKthQ7Q==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 047F3EB4FE854BFD8D6E6998F4693DED Ref B: OSL30EDGE0307 Ref C: 2022-09-25T22:27:39Z
date: Sun, 25 Sep 2022 22:27:39 GMT
content-length: 0
X-Firefox-Spdy: h2
widget.intercom.io/widget/tt7hkkgs
54.230.111.86 302 Found 0 B URL HTTP/2 widget.intercom.io/widget/tt7hkkgs
IP 54.230.111.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 20 Sep 2022 08:31:36 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ykBSh0nB79fvJhLEuwMX6VHyaDZbrTmgTtU9r__NM8_TI9Ml6_g6Vw==
age: 482165
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 22:27:40 GMT
via: 1.1 varnish
x-served-by: cache-bma1678-BMA
x-cache: HIT
x-cache-hits: 1378
x-timer: S1664144860.081306,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
js.intercomcdn.com/shim.latest.js
54.230.111.62 200 OK 6.2 kB URL HTTP/2 js.intercomcdn.com/shim.latest.js
IP 54.230.111.62:0
File type Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Hash 78e5fa5780a095f31cd5ad256609db60
bc268b805d2bdd61437de79b38de1c27d16060bd
dbf5cace47334b0e3b1972da94b7a1d4a64e3c517ee3699c3bcf9a88a75e9d9c
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6170
last-modified: Fri, 23 Sep 2022 14:33:24 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: dohpLQMJATrJhKVWci90uJsHoPft_NB6
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 22:26:07 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "78e5fa5780a095f31cd5ad256609db60"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4jD56NNi5ZO7H9AKJWt_rDbIwXwFSxK8VEBHA0kf7kK5FAmmnxOwZQ==
age: 94
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.d3f71718.js
54.230.111.62 200 OK 130 kB URL HTTP/2 js.intercomcdn.com/frame.d3f71718.js
IP 54.230.111.62:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 130 kB (129676 bytes)
Hash b9494458865666162b3a68d85fc9daa7
8e007cacbb8b9510edf2d4e4f46868bc7abdd7e0
82c3cdb5c762cdaaed36cfd9c946c9fc7012f284a5d42bbd351547fc7d71cbe1
GET /frame.d3f71718.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 129676
last-modified: Fri, 23 Sep 2022 14:31:56 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: jEj7i7pT6cAf82x31Uac6hrRy4xnf5kB
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 20:33:30 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "b9494458865666162b3a68d85fc9daa7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tJId9mLj_uNGMvEF_XnO-uke5eVbRJ-6H60Fc_YzTVfc7PeT4N9J7Q==
age: 6851
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1722&ck=1&ref=https://forms.app/phishing&be=245&fe=1642&dc=491&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664144856792,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:1,%22ce%22:1,%22rq%22:19,%22rp%22:207,%22rpe%22:208,%22dl%22:213,%22di%22:485,%22ds%22:490,%22de%22:491,%22dc%22:1641,%22l%22:1641,%22le%22:1648%7D,%22navigation%22:%7B%7D%7D&fcp=326&jsonp=NREUM.setToken
185.221.85.3 200 OK 139 B URL HTTP/1.1 bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1722&ck=1&ref=https://forms.app/phishing&be=245&fe=1642&dc=491&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664144856792,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:1,%22ce%22:1,%22rq%22:19,%22rp%22:207,%22rpe%22:208,%22dl%22:213,%22di%22:485,%22ds%22:490,%22de%22:491,%22dc%22:1641,%22l%22:1641,%22le%22:1648%7D,%22navigation%22:%7B%7D%7D&fcp=326&jsonp=NREUM.setToken
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
Hash 569ba44f4d2a9baf4de47d3a78180009
84c4e5de1cc49adf2b3e30181dcd8489b12140ee
9b2b1c4f7b8fba7808ac67b5b5b64f48dac39456851b5e9cdd9e37095ee76ad8
GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1722&ck=1&ref=https://forms.app/phishing&be=245&fe=1642&dc=491&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664144856792,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:1,%22ce%22:1,%22rq%22:19,%22rp%22:207,%22rpe%22:208,%22dl%22:213,%22di%22:485,%22ds%22:490,%22de%22:491,%22dc%22:1641,%22l%22:1641,%22le%22:1648%7D,%22navigation%22:%7B%7D%7D&fcp=326&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 22:27:40 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 750730404fc115f4-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=da59206e591a6356; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJSuD9r%2B75cmCYV%2Fxh6ZYat116rq6GaLS2SIatQofTlRzwKubHmDjqP5Bv1qAdHWNBiFNNWITDpzCzbPFfFcStF72YVjDlmJunW%2BmsT8ZkOn8U5qt5ADDg92nrUFa5t4wfzxIFcJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1875&ck=1&ref=https://forms.app/phishing&st=1664144856792
185.221.85.3 200 OK 36 B URL HTTP/1.1 bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1875&ck=1&ref=https://forms.app/phishing&st=1664144856792
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type ASCII text, with no line terminators
Hash c166c55bb8bacab6d0ba49b766644670
8de8be38f5eecc3ffe4fe4fe0f5670eef2d41233
691ed8489166fe87e77f648d02d7e18a523918e44fd57ac149d3609277bf0bd0
POST /resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1875&ck=1&ref=https://forms.app/phishing&st=1664144856792 HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1133
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 22:27:40 GMT
Content-Type: text/plain
Content-Length: 36
Connection: keep-alive
CF-Ray: 75073040afef15f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BiHr5pNfmjZ5YZ1e%2FPkEIIX%2FG9VWztE0AUfVK4OcuDP%2Bgkvvk097m%2BEww7YaVRfCNAi7%2BUhtu%2B%2BFWoujTvXadQqQ6WZuuQ4w4szFPCnFBx40oLbN0oXVWQnXA%2BEWe4uTuhOiMIya"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2652&ck=1&ref=https://forms.app/phishing&ptid=b447fc75-0001-b26d-d472-018376c3647e
185.221.85.3 200 OK 24 B URL HTTP/1.1 bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2652&ck=1&ref=https://forms.app/phishing&ptid=b447fc75-0001-b26d-d472-018376c3647e
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2652&ck=1&ref=https://forms.app/phishing&ptid=b447fc75-0001-b26d-d472-018376c3647e HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 345
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 22:27:41 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 750730457aaa15f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qtjsWj7mDg5qugRzPpbfhZI9aQwB2uWj11K0NH5BuMU%2F0FWMpqYTV7vbtQ13tMFvoTJPSmhN4Eq2uCJQq5yCBARLWBSs2FSJKfgthJNbiWfEuoz72H2rj5vr3tgus2a82XgKSGx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
forms.app/assets/img/formsapp-logo.png
104.26.6.145 200 OK 2.9 kB URL HTTP/2 forms.app/assets/img/formsapp-logo.png
IP 104.26.6.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 59766a971f90101d029ff73f0478a40e
131f63ef0a1d7cb350bddbae1a024fd3f6ec5489
6da09df32ca888e63b7c58d507cb1d717850be72fd4ba9b10dd26a7c478fc10a
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144857.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857; _uetsid=426c32303d2111ed92e52fa706e6976a; _uetvid=426c4f803d2111eda3c8df5b273fd8ee; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664144857824.1464110858; intercom-id-tt7hkkgs=a2665875-3c9f-4137-acad-dc167515391a; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:42 GMT
content-type: image/webp
content-length: 2852
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=3548
content-disposition: inline; filename="formsapp-logo.webp"
vary: Accept
etag: "632d9857-ddc"
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2062
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMrd%2Btx6fZHROfqjR79nzODxyb%2BtXIbXKsP8Qdyet2pQntG8d74gl6Ss9Ea42gxGXqU6j9DFjjdQeQqZ1m%2BsPDFfjg0zf9G3HVX0j0xyTw%2FY%2BOfW34149%2F17AA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7507304bc82db503-OSL
X-Firefox-Spdy: h2
nexus-websocket-a.intercom.io/pubsub/5-2eq5OYsuS-g613CPlSA_VZEvClbRm5VuA9SQmB-lLtTapciMWSx0VpDX0tbbWpZrHnJFd0KEHgfc7_mbuD1I2wIX2Obw9Cs3NLTn?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
34.237.73.95 101 Switching Protocols 0 B URL HTTP/1.1 nexus-websocket-a.intercom.io/pubsub/5-2eq5OYsuS-g613CPlSA_VZEvClbRm5VuA9SQmB-lLtTapciMWSx0VpDX0tbbWpZrHnJFd0KEHgfc7_mbuD1I2wIX2Obw9Cs3NLTn?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP 34.237.73.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pubsub/5-2eq5OYsuS-g613CPlSA_VZEvClbRm5VuA9SQmB-lLtTapciMWSx0VpDX0tbbWpZrHnJFd0KEHgfc7_mbuD1I2wIX2Obw9Cs3NLTn?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pRBjWWuL/l0Kvo0eDVUdvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sun, 25 Sep 2022 22:27:42 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tX0Bs2Tgra65Q0mRFrIYlRcpraQ=
my.forms.app/static/js/icons.df638.js
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/js/icons.df638.js
IP 104.26.6.145:0
GET /static/js/icons.df638.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:00 GMT
vary: Accept-Encoding
etag: W/"632ac2dc-3b710"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5599
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fBZmj6tvv%2BfboznL4egGQuZ1MTkgboTy%2FcCwr6JQ%2BS%2FBKLzrzDj%2FtnRw2yEjdTKwkfugBLCwD6XyGltB9rvN%2FNOjrGhGzMl8U0MREKaLYuKvWtRMFEks1qhRffjNFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730352efab503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/cdn-cgi/rum?
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/cdn-cgi/rum?
IP 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 384
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: text/plain
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 750730367842b503-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
forms.app/assets/img/logo-home.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/img/logo-home.svg
IP 104.26.6.145:0
GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3PZBM2x7o59eGtNdu5yf3a5bGYsOmSliXsUumaiX15EIKulWHGzXrIwM%2B7Thk%2FCPQ7ga9sGh3RZ8c68g8Yz6Ibk%2Ba%2B68%2FlDQcWiPEtWdu6HIz%2BbPgzW5q00CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036784eb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/sheets.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/sheets.png
IP 104.26.6.145:0
GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= sheets.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=32p%2FHLAdwHdnwH6SwlFQd4SdQ4qAREiuLeAtRrbW57xeSjCtTxjjx7JvuC9zlVkDmKZ233rTpNxFBAcaE5uWFUBIKZ198noCXKSaMGHMI30E7YDzL%2FtsgsdG0aO5hW9e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368853b503-OSL
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
104.26.6.145 200 OK 0 B IP 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiZGY2MDNhMTliZGU3YjA4YyIsInRyIjoiNzJkMDczNDhlNDA1N2RlYjJlODNkYzFmMjBiN2UyZmEiLCJ0aSI6MTY2NDE0NDg1ODQ0OX19
traceparent: 00-72d07348e4057deb2e83dc1f20b7e2fa-df603a19bde7b08c-01
tracestate: 2885732@nr=0-1-2885732-286479549-df603a19bde7b08c----1664144858449
content-type: application/json
Content-Length: 16756
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144857.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857; _uetsid=426c32303d2111ed92e52fa706e6976a; _uetvid=426c4f803d2111eda3c8df5b273fd8ee; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664144857824.1464110858
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:40 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7507303f3f02b503-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
api.forms.app/user/gettimezonefromutc
172.67.72.65 200 OK 0 B URL HTTP/2 api.forms.app/user/gettimezonefromutc
IP 172.67.72.65:0
POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web2
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YfMeFmwCyerp7AAIVI4Jxfvi%2BD0A5hnf2XeHs%2FatX%2B%2FkYyH7E23oXIFW6V6JJDY8r1BMAHeCkOcO0Kf8Fr8tF9D0dG4ZrbtCPDTZ%2Bl73vIre8WFiTBHP61WAgyk5IZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730335a120b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/WhatsApp.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/WhatsApp.png
IP 104.26.6.145:0
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zb6bGokFiNbr0lmSP9BDCsSRaJnyKnkPmfxSMRGy%2BsAT%2FaqH3rr9Jew326cMAxwOBDuoug9HmjhX%2BLtdoxvaPUaiISZJ34Pr0wO%2Bu8XOsT720jkpvBqtSEPnFA%2FKeDI0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036885ab503-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/templates-resources.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/img/templates-resources.svg
IP 104.26.6.145:0
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:30:03 GMT
vary: Accept-Encoding
etag: W/"632d98bb-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vp9im%2FBmEAUjgNIiOahnzak2w7kivCeVuy0AwAq6elKWtbjuWIjoTJvxOLZTkpj1bT8mepJfD4cBv9UtXuLgDQ2GGCjEiDmn1kC87p3h5FK04uHcgMc0QiTt%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendor.523c4.js
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendor.523c4.js
IP 104.26.6.145:0
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:17 GMT
vary: Accept-Encoding
etag: W/"632ac2ed-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVsnZFZNOKYX%2BWSdXkXuEUeBBpgHFymgVABH5k3Id1OYli4KAa2Hi68xJQGsvXcdGHB81b%2B5os05Mn14rJfvRzlB8attUEaG3xF4HXeiHNvMHsXtUBaPBLTg1UaMkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb87b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/swal.2ebcf.css
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/css/swal.2ebcf.css
IP 104.26.6.145:0
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:22 GMT
vary: Accept-Encoding
etag: W/"632ac2f2-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWRfxbT5eSvsw9vm2vo9sTjOCmt2aeoWcF3bC1M7EGqk9D%2Bmd2sZRfKW5CCvV0EIasaHRrxhNscA9ZmCXb42%2FjdhpVxY8Qek3TcGIHAAUDG2PF%2FbHm%2F03l4YDJuVJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073031dc7db503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormView.2d11d.js
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormView.2d11d.js
IP 104.26.6.145:0
GET /static/js/FormView.2d11d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:11 GMT
vary: Accept-Encoding
etag: W/"632ac2e7-a5f2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=caAJBQN8KcEab6%2B1PIe%2FBMamq4HwOSfm8%2BJhruHp0uoBq%2BDolFl1sFAKzK7ONwr73pwnHNQShm4Lf%2FhUY%2F0mh4y%2BIB4JEQ5qltDVHe1e7Fr3qT2BkC4vF4E4lNvhow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730320ca2b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/help-resources.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/img/help-resources.svg
IP 104.26.6.145:0
GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:30:53 GMT
vary: Accept-Encoding
etag: W/"632d98ed-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fz%2FvSqujtpFGbxlLT3XH4i%2FzGlpXUM5OTTE1qS8NNENkvEUwskvQo3i1%2FktpgiciczcopwSHlLkO%2BV87TNLPj6y46x0DPSKQ04yEAXXEaiRUgXEEWC5%2BpJhQQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/apple.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/apple.svg
IP 104.26.6.145:0
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:52:51 GMT
vary: Accept-Encoding
etag: W/"632ac2d3-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OehQep7vkiq8CrFr1pLSRlGKq1qC4L8v%2FRBoTIzBOFC%2FN%2F1Mu6vgw2xdJ17lybsouP%2Fg6Emd6BGGWVb1D7Bw5bgM6sVjCNkqVR4m1%2Bi%2BbzB3ZztTqv5N6bEMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c886b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/trello.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/trello.png
IP 104.26.6.145:0
GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= trello.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j72rRqCgBqV2%2F1i7UtIquqw5bflHmNj9ZTXyVQHZEwcPbvJ%2BoqnyhBlmwNEJpKSMSWiNMNQa6cSVDxoIH5Q5g97M9ZH%2F%2Fz7HnJlHYDQm2mZG9uJmTHM%2F5krxPfPev80L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368857b503-OSL
X-Firefox-Spdy: h2
my.forms.app/static/img/logo-home.svg
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/img/logo-home.svg
IP 104.26.6.145:0
GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jdyu3P7a01XqVuVg9h253hbIL3xyNGD2LlxKKdLaylhtvx2kFIomMCBvAL6ixHvw62as%2FpQCfzUvqZvAudJl7%2BS4ipvVT8l9nBwzG3SXcmjvBm19h4usZIow4n9CCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730351ee8b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/asyncstyles.7792f.js
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/js/asyncstyles.7792f.js
IP 104.26.6.145:0
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:54 GMT
vary: Accept-Encoding
etag: W/"632ac2d6-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0HiSoV3HSNS6yIpyPO%2F9TMNQfaPx2YI10ObJHDhpoTbQa6JZm%2FAHvTGxW9r0WpBWGbdrB4QPPv2dFd3lTXDRojb4r8aBvvl8eY30fBlkCqUb2IXWjDd3IF3YsIkgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb82b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/phishing
104.26.6.145 200 OK 0 B IP 104.26.6.145:0
Analyzer Verdict Alert fortinet Phishing
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 11:31:32 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbMYoNUrRuwTwn3KIBZXq4CiYyRu7FYwtKuGsP49sJy2pEqx1iJOy5Q9%2BOIStWBgz72sZKv6M5%2B886cpLGBUNwb8uLUnsvEwJgyvbB4Ddl0TkpAFJjlndXlYjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073034fed6b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/app.8fc17.js
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/js/app.8fc17.js
IP 104.26.6.145:0
GET /static/js/app.8fc17.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:52:56 GMT
vary: Accept-Encoding
etag: W/"632ac2d8-3f33c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTdtmocBsT45z%2FwDNvSJ7cylIdN%2FxEUCMOmBetwam01pmpAWwdIxdbNW2fjP5p25xpJPTdUwxiUVTrM2xjWVUyLZ0EBjRKrVaKtHgVy095tVrsSU8V2gHMLLLgh4%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb81b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-logo.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-logo.svg
IP 104.26.6.145:0
GET /assets/img/blog-logo.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
vary: Accept-Encoding
etag: W/"632d9857-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WV7I8sKa%2BjLOSZLSb1ZnATTqGX5yYbRCROKPowDxagnWAgNnrlEiP3Hedu6luJqXvI%2BydYsrmA9FFnl0vyu5J%2BgrvSh6tM840WSSHkqWO6PPzxzZ%2Fj%2BNypaYBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036884fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/Google%20Analytics.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Google%20Analytics.png
IP 104.26.6.145:0
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoodXKHGIktlqSi4Mc7eAeuYikfQfVlZ4lEma%2BBOjGq3Lh%2Fp5CA5nMoGrVNOIbq%2FS%2FkrFYHIIYJEcOcIS77mQ58Q7y3vkLrgxAFpwSOSELgKKwftts7ptAu8Jp4rXtsz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368859b503-OSL
X-Firefox-Spdy: h2
forms.app/assets/js/lazysizes.min.12809749.js
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/js/lazysizes.min.12809749.js
IP 104.26.6.145:0
GET /assets/js/lazysizes.min.12809749.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4oIy4s6W6Dw6eZEaV2r71igP59franlh%2Be056%2BnqGXJyS%2FDkbobQVgXNTsrACTBA%2FAl2Fl%2B%2FDvk5sGmhCuuDKrd7K26U6YAYRK%2B8FzjPkZ1tP3R4yeeCWAKVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c88db503-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/airtable.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/airtable.png
IP 104.26.6.145:0
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCP3g%2FcbqRRr2s0B66xsHEi%2FaUU8tLSmjYzmXeDP1kwjcpk9x0OuqMeckAynFE7eEJZVBjycFZ%2FxGaB641nmkCbpV%2BTkUxApIcsUAqM1L83kmlSPvk01tP%2BK%2FOxSvK4s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86ab503-OSL
X-Firefox-Spdy: h2
my.forms.app/static/css/asyncstyles.4869d.css
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/css/asyncstyles.4869d.css
IP 104.26.6.145:0
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:07 GMT
vary: Accept-Encoding
etag: W/"632ac2e3-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tutZGPrJ6kLWgtTnbxw%2BAQlvPu8I9NZNnFOaHB3OBlpoHn7besfjIHPP9zj%2FQq7wdHmG1zz0ejXAS2Orfr4d1G7q%2BUKZegoMrTP1slE3MMNIJ8D8908Se5OCiK1EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
104.26.6.145 200 OK 0 B IP 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.1.1664144864.0.0.0; _ga=GA1.2.450126566.1664144857; __asc=a8f56e7118376c3591e7e890934; __auc=a8f56e7118376c3591e7e890934; _gid=GA1.2.990757285.1664144857; _uetsid=426c32303d2111ed92e52fa706e6976a; _uetvid=426c4f803d2111eda3c8df5b273fd8ee; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664144857824.1464110858; intercom-id-tt7hkkgs=a2665875-3c9f-4137-acad-dc167515391a; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:45 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75073063aa4db503-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26 200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75073030e9c5fac8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
IP 142.250.74.10:0
GET /css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 22:27:38 GMT
date: Sun, 25 Sep 2022 22:27:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/facebook.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/facebook.svg
IP 104.26.6.145:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJVYKrq1pwbbIYiChahh0faxmyrA8dd1CwTySbDQNEj5ar8niOQ9QskYJMKaHX%2BWv55DglF2eJ0I%2FmjfH2QMspCmE0ZSVF8wqWayjTn0uiX4sGMLJSBZDiRdIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036b882b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/app.bb6f5.css
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/css/app.bb6f5.css
IP 104.26.6.145:0
GET /static/css/app.bb6f5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:52:59 GMT
vary: Accept-Encoding
etag: W/"632ac2db-12356"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27f55VxsJbsvdmejxL%2F1%2By2vygyPUYeGbN31Y6EfnF1rRx%2BR4A5ASSllxaL3tTPdwf%2FrxQjrWZM15cQCJCiip%2BKaV%2F56g0iVrDQPGTI0YsLTC2lFlfyQDOl53ZaDIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb7bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/slack.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/slack.png
IP 104.26.6.145:0
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= slack.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WEZs2IT9A6G4I%2FmM5gZok%2F2cUiwP%2BEHB7qFtKSLhb7fxYNKC0xa%2FnZo3d92Y99hQKbVs3vtRFtL4CePkmk8SSx3qFLjmXZFLYeGuC0DuwfHRf%2FWtA7IfPAw8GXQ8PXKm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368851b503-OSL
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/envelope.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/envelope.svg
IP 104.26.6.145:0
GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:52:38 GMT
vary: Accept-Encoding
etag: W/"632ac2c6-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Txutg%2F4Ypr9pQJm1A90QKsxbCCgUj5hKNKafFDjvksVpBsKVPyPGubGuHPgDfhT7JYt1ZRgKZffoiNWkJ6OiB0fm4eIuR6pBsFW4w0An0kln0Q1APKrpipEKUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c887b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/dcomponents.15d95.js
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/js/dcomponents.15d95.js
IP 104.26.6.145:0
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:53:09 GMT
vary: Accept-Encoding
etag: W/"632ac2e5-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1213
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9TIhV7yj%2B0rWt4y7qPtPIaJOTzIZlG7u1z4tKb97iJIP3NG8HcZ8c99dVuvufY36AoQ5lb9j%2FijjRvLNW5sq6CdRgLbMf%2FpRYhmIysmezft3iy%2BXLGMgmgBk4HoQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb83b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP 104.26.6.145:0
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:22 GMT
vary: Accept-Encoding
etag: W/"632ac2f2-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYYp%2BAadfR5QqiZ8Y7Yr4DygVPHmajtv%2B39aT7I7IdRQ3KhSgAJNHDydMHhKoMeLgy%2BJ78806hRAiVVe9E3DJc8i1qsy9z2bs37KmuboBWlV37VmxOBce6Eu6XclLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073031fc8eb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/google.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/google.svg
IP 104.26.6.145:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Sep 2022 07:53:21 GMT
vary: Accept-Encoding
etag: W/"632ac2f1-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eB2grCYJbTgwkVNUQ1exIINaOb8KfL%2BmzhYCbJXXlasxq7hrf0B7OcDAU9yEMzyj1tBWmoQBnKACMo8PCmx9W2CGhPcwze2HRJXSgRpbbPfzoCRi5I9wwPrkjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a872b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/js/login.fb59ba75.js
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/js/login.fb59ba75.js
IP 104.26.6.145:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zEbcKqLG73htVjvOS2lKD2%2B6ordWYLUccsMaxWUnVJNd6dFyIY7NzWOFiavSSC4tCb58py1DP7Cc48N7NFoUoQcqID4d%2F8h3d%2B7ziZ2UnOqCbeZPF5N2YZKvOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036c88cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.intercomcdn.com/vendor.58bf4134.js
54.230.111.62 200 OK 0 B URL HTTP/2 js.intercomcdn.com/vendor.58bf4134.js
IP 54.230.111.62:0
GET /vendor.58bf4134.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103175
last-modified: Thu, 22 Sep 2022 09:02:20 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: eos8xj9gnlmhlNfXzSYn.0lvA6_CiGy2
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 21:03:41 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "c5c7554fee6470af01ca223ef9648618"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: L3IUzy5jcNuXLuL-5Zkh9Oywr8fYUf0Yo4anrEdcpxCvOYcIzWqGjw==
age: 5039
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
my.forms.app/form/629b6312bd94a175bb849970
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/form/629b6312bd94a175bb849970
IP 104.26.6.145:0
Analyzer Verdict Alert fortinet Phishing
GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/html
last-modified: Wed, 21 Sep 2022 07:53:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GOh8kVxypfl5ATTVqymjIFDkM1Ej%2BI3kbjHZWmhv7fi9EUyPMziUThLPk4FBA%2BhCvYkLlqejvL502AbHs52Vl6ke%2FYrg7pLS%2FSQ12rqhrvYRjkzoXvCYHrRjLjUlKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7507302f1a2bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-resources.svg
104.26.6.145 200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-resources.svg
IP 104.26.6.145:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
vary: Accept-Encoding
etag: W/"632d991d-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkwT9%2FwjyGr8HrXaJmRoHGqvZIMvy0RzInxH%2Bw2qlh3ZAnhV%2FoXxIXjYrgHRBGdTgfxg9U6XC87tQhO6fXWDyPe1G4mIGu1frkX%2FA7d%2BnYcBjTj0cbdku%2F86Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a86bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/hubspot-crm.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/hubspot-crm.png
IP 104.26.6.145:0
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= hubspot-crm.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KLiJ9OJgdedRpYhWrccKafVhERQYSlO%2FwxL1Bf%2FYIDAefIwKkmXVg32%2B7FUbX2ZwbgHslmPHPXBWatXFI5N7Yeal%2B%2Fb8%2FSPoJ1rGS3ataSAi7XhyKO3lI90FprhpHy3N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 750730368852b503-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Notion.png
104.26.6.145 200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Notion.png
IP 104.26.6.145:0
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1557510503.1664144857; _ga_740JKHV4FZ=GS1.1.1664144856.1.0.1664144856.0.0.0; _ga=GA1.1.450126566.1664144857
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:38 GMT
content-type: image/png
content-disposition: attachment; filename= Notion.png
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 20:04:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osQRMAcERi68dsKkREvyTdEvDIHaB8%2B7iOdQnn5nCXwp2v9rr%2FuPamfUlNeScKvFtEbln4luGfz4CDFCCwW%2B7%2FQFPF16qsvbEKR9ljIk%2B7HaoU%2FI3lwWf%2B0cJcktMlOB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073036a869b503-OSL
X-Firefox-Spdy: h2
my.forms.app/static/css/vendor.88295.css
104.26.6.145 200 OK 0 B URL HTTP/2 my.forms.app/static/css/vendor.88295.css
IP 104.26.6.145:0
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 22:27:37 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 07:53:06 GMT
vary: Accept-Encoding
etag: W/"632ac2e2-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWJaWU5oR8wTArtTipc43DkrH9eKxrw387yvhCAzuvUFormmd2ZK9vknv%2FYJX8oOWzD9bBj8%2FKFc%2FHHQt3CRzkzIXJfeZAXE1cNzNj6V27URYXAO4j1eCiSbtXJftg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75073030bb78b503-OSL
content-encoding: br
X-Firefox-Spdy: h2