r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8355
Expires: Thu, 10 Nov 2022 20:52:56 GMT
Date: Thu, 10 Nov 2022 18:33:41 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4899
Cache-Control: max-age=148745
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:41 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 11:52:46 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4899
Cache-Control: max-age=148745
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:41 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 11:52:46 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9867
Expires: Thu, 10 Nov 2022 21:18:08 GMT
Date: Thu, 10 Nov 2022 18:33:41 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 15c71a691ec6dc939204aea56fde1d40
f9831ecf8f454ce150f087134620dba1834e0fc6
ccae915ca5203946084565b2a1fbf8d5120a8d5735ec54f2731020c029e92c63
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3490
Cache-Control: max-age=122105
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:41 GMT
Etag: "636c705c-118"
Expires: Sat, 12 Nov 2022 04:28:46 GMT
Last-Modified: Thu, 10 Nov 2022 03:30:36 GMT
Server: ECS (amb/6B90)
X-Cache: HIT
Content-Length: 280
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O03hFGqa1rzgCkqPjCY7scFmwcVak8pTTu13xhvgyv3+EJdqLJJjMN6WTlucwy5so/V56WMBQ5Qfgkn3b6fp9Q==
x-amz-request-id: E78RGYBKP2R1KVQD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 10 Nov 2022 17:49:29 GMT
age: 2652
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 18:33:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e52e7140b8ff801216e320465aaa4e92
ec100bb3d0f44db11c084d73fa37a323bec79001
0d2c7d126b144ced84adee8f20059093af5ed2ce7e2822f91832bbe37481e8ef
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1109
Cache-Control: max-age=131249
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Etag: "636c9d62-117"
Expires: Sat, 12 Nov 2022 07:01:11 GMT
Last-Modified: Thu, 10 Nov 2022 06:42:42 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
my.forms.app/static/css/app.05ff3.css
104.26.7.145200 OK 16 kB URL HTTP/2 my.forms.app/static/css/app.05ff3.css
IP 104.26.7.145:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f2709701a2f0d3984fcb763723d2339a
29461bcaf1effb995da7038e301c18c61401ec64
a0c9a20f4bf90a38d7149ba0ca7e97e2dfac59aa6771973e9edc7937a35f6f49
GET /static/css/app.05ff3.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:42 GMT
vary: Accept-Encoding
etag: W/"63610b5a-12577"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRaJhdf1vi%2F8xPo6KM8HNgIvsIuotmcJiTd1BCyLn8CkIyaj8sBY2UAKn4agggiiULll5uwpb1%2BZ2lUioREc%2BvD7fAWU8z6LYOOrzr63RtlySYX7jCXX3P4cEzP%2FTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c5fc59fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
142.250.74.168200 OK 82 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP 142.250.74.168:0
File type ASCII text, with very long lines (16916)
Hash fe5b6444bfb19d4de1f9ab59d97b2735
2701d5eb3f5924027c9c7998a0db267c816ec579
7865b23e26cedfb7ababd00ea0809033b6c184f5aa5970cbc7f199bb98368430
GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 10 Nov 2022 18:33:42 GMT
expires: Thu, 10 Nov 2022 18:33:42 GMT
cache-control: private, max-age=900
last-modified: Thu, 10 Nov 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 82127
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash abc1b6dead712b3905b9b0c0c8b63b56
e63b4c3f61604e313af85d9577866b98f75faa2a
fe7ff7563830e4fd0ab0af0eb929ca26e7a59d6ac147115d127a9585867d139a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 081ea13ba4390a4baab25cf57c2672f3
30cc9c329228e3d7bc6041f1aa553f06f8136eed
5a48c189581edd8ae4a4e58e2d54359bb75ba769828436394e4c256fe861814e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2370
Cache-Control: max-age=141161
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Etag: "636cbf2d-1d7"
Expires: Sat, 12 Nov 2022 09:46:23 GMT
Last-Modified: Thu, 10 Nov 2022 09:06:53 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
104.26.7.145200 OK 11 kB URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
IP 104.26.7.145:0
File type ASCII text, with no line terminators
Hash e6e9fc29d2450b0270729008a7087b3d
ecc3644ba1a4351a5a49c5088f1ccbc2556ad9e2
de7dc01e588529b78e9f95953d6579c488bb32fe5ce4a1dfdcbb6dfc8bfd0609
GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:03:56 GMT
vary: Accept-Encoding
etag: W/"63610b2c-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8HwvNjilT3QK%2Byei2K%2BFO%2BGydu6n0%2Fc%2Fml1150wXjnoQ3%2F5XzvRL%2FCDwqHAVOk9Zc9%2ByTD%2BwxJP9OFIr7schDOAhZbxY5BbAgqa9EWccI4mMsoitLX3wEgqbxq6EIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c79d9efac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.forms.app/form/636ba97de5740e14f4400eb7/view
104.26.6.145204 No Content 0 B URL HTTP/2 api.forms.app/form/636ba97de5740e14f4400eb7/view
IP 104.26.6.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /form/636ba97de5740e14f4400eb7/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 10 Nov 2022 18:33:42 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yY6xf2aCzgd2MfLMeO7JvLhX%2F8biWD3wwaB%2Be0VUEmGMMMvuz540at7fdRrFhruMC%2FL3SWFVwDJwYAQfsSjnrKvKcrcl8upFBYfmqEXqsMfvv30UvYi0YWDeeZzQYp8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c91e7db51d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6bbfc6315b9228fd41cc16d1b2f54feb
2f2ca82eb3ca303268b03f7aa80af90f9380e8e2
9a593b197ba164b8fc74cfe6feccd57e05233a642d1dd8065c6723cee2c15701
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 05:42:51 GMT
expires: Fri, 10 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 46251
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6bbfc6315b9228fd41cc16d1b2f54feb
2f2ca82eb3ca303268b03f7aa80af90f9380e8e2
9a593b197ba164b8fc74cfe6feccd57e05233a642d1dd8065c6723cee2c15701
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/icons/apple-touch-icon.png?v=1
104.26.7.145200 OK 2.7 kB URL HTTP/2 my.forms.app/static/icons/apple-touch-icon.png?v=1
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cb786563c2eef055649de3d77457360c
b05739e2784fbc04431d913192bde24b4f4d2b64
31e7a128d20d057dfa1ecc2b866c094f944cf03846615c716e432c7641cd2bb6
GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Cookie: language=en; _gcl_au=1.1.846747874.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: image/webp
content-length: 2688
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5681
content-disposition: inline; filename="apple-touch-icon.webp"
vary: Accept
etag: "63610b58-1631"
last-modified: Tue, 01 Nov 2022 12:04:40 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xKLn4QHNNHflbzIV%2FIsP0a3I4DenweK%2FoAYKvnihLzDkdPnRnJ6wrQdeyfqdykz%2Fp2CLiI%2BHqKQ7gT1O70JFZeAt4eVJRaP%2Bxmpaif4xLSTLHL2y%2BXN2FAEgmYpyHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c9ffbffac4-OSL
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 2fe1e0c50cbb86b0c379ed78416df9c5
3e2c958bf438bc1486502253d613527fde7fdb25
57ab58b1840406037c30d4031235b6a715ee6f96f2574ab1eb93c5f4d6894bcd
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11376
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=0460D3CBA33F66472F12C193A2CA67C8; domain=.bing.com; expires=Tue, 05-Dec-2023 18:33:42 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EB5971C1C10C45AC988DA2CF1B5D63CE Ref B: OSL30EDGE0122 Ref C: 2022-11-10T18:33:42Z
date: Thu, 10 Nov 2022 18:33:42 GMT
X-Firefox-Spdy: h2
my.forms.app/static/js/vuegtm.3359a.js
104.26.7.145200 OK 9.1 kB URL HTTP/2 my.forms.app/static/js/vuegtm.3359a.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (10032), with no line terminators
Hash 497b034d7072b2ae79a21aa01b4de1e9
a4757a816c06f1b69140f0002eb6c8515c603569
4093b87902e07a2b3acd78a601e72cba05ae278c89d998bcd8bc5490a9e6da36
GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:03:54 GMT
vary: Accept-Encoding
etag: W/"63610b2a-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7J3x2u0Wxl2uWR9Y6uXCyDFFgdxu5I2pLrdJJYY1KOPbm29NPrHW94apceVLnqCnAURLsiXL6K1GPchSbZA2kCgJ360lFaQz9%2B2nzP3RwD%2BAjEZKwIJRzSs%2B9Mnukw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c76d74fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 10 Nov 2022 16:41:09 GMT
expires: Thu, 10 Nov 2022 18:41:09 GMT
cache-control: public, max-age=7200
age: 6753
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7c89768eee117880b59f8644d2138e52
49a829a38293c8f1eb86dbbccc82017f1d5d86bb
c512960cca090441f3c7e9ffea25448965eb4068d1506b8afa6d391b3c3a07be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7c89768eee117880b59f8644d2138e52
49a829a38293c8f1eb86dbbccc82017f1d5d86bb
c512960cca090441f3c7e9ffea25448965eb4068d1506b8afa6d391b3c3a07be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/js/iicon.59ea2.js
104.26.7.145200 OK 4.0 kB URL HTTP/2 my.forms.app/static/js/iicon.59ea2.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (13470), with no line terminators
Hash 4d10b292576ad51bac1cbd59e18beae8
54a2d0e78a764710de37a122b6c374a6aaab1313
f27b50c549c7d3b18a4e0725ef60ceacede7e743f8b3a6573d4cc79e5e0103d1
GET /static/js/iicon.59ea2.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:46 GMT
vary: Accept-Encoding
etag: W/"63610b5e-349e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hjm4PTBdbZa8jkYwBVwgyUlQjAiq%2FTcJzd0VZfhMdjV%2B%2FsrG4T%2BSvZlpYi5XJShmaBLnwtuupg%2FlFjsYeX55r9Sf3Ce%2FrhTPkevt1uaw7KJlHGXAXrNc1N27CYmlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c60c63fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 0ac10debd3a9ea8147a26d045bb93e6e
ff45f3442508e8695f2303701682ebdb6e016464
5dee7b453b2c72c07ff1d62432493a044507835a8031ea62edf2fa7cc26219b9
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 5kjPBvErtWKwdn92AsBoj3I7r0xMNIksaRxAzaDLLOhu2yviEHvJM4inimS8lsSNxUGEY9ksy045ylJIxu5DUA==
priority: u=3,i
content-length: 27337
x-fb-trip-id: 1904183273
date: Thu, 10 Nov 2022 18:33:42 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash afc55511c7066ad08de213ef5e860002
d5a172a4998270aed3e79d606cd2c332d9c25b58
db868938549b28cc9920ca94971023fd3b010e7bec9fda2faac83fae034eb78c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4745
Cache-Control: max-age=97822
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:42 GMT
Etag: "636c0c9b-1d7"
Expires: Fri, 11 Nov 2022 21:44:04 GMT
Last-Modified: Wed, 09 Nov 2022 20:24:59 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
my.forms.app/static/img/form-disable.png
104.26.7.145200 OK 9.9 kB URL HTTP/2 my.forms.app/static/img/form-disable.png
IP 104.26.7.145:0
File type PNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data
Hash 284c5d4bb722101d9ce5f925f5c0b9e7
c610bce010897692b228623b36a8da6e78ade7f5
d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650
GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/png
content-length: 9896
last-modified: Tue, 01 Nov 2022 12:04:14 GMT
etag: "63610b3e-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lyTY9%2FRsBbZxSUQfPDtKUNPl8JuuQrj0zr7R1XJC6davIj91jQZgyxbVBVOREz7sWeQ9%2BFqsywYguKVWdZUcB6JVrakk1BS1SNGu38yJZnoQrTZYEq4zUwNehSGREQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cb0895fac4-OSL
X-Firefox-Spdy: h2
forms.app/phishing
104.26.7.145200 OK 28 kB IP 104.26.7.145:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31063)
Hash b089de49bb42e49d93e9f9d4712ba0f7
871a3c2bbf13429e50495684eac63286aa6b97de
d75e3d28e81d9612a405fa7ddf7d36faeb66d75debd4367bef995cabaf0101f7
Analyzer Verdict Alert fortinet Phishing
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: text/html
last-modified: Thu, 10 Nov 2022 15:46:11 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlczLFTX%2BT%2BEx3VSL0mKj4C5onM7hafMHHUaISszzLuM6UJa1xOkQGthFT6tY1WSLUdMuDewxfgp%2FL8E73enwdrWnSYxIdfDox97aTB1vPVbNgn2dE4Czo%2Fpyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cb0893fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/save-40-halloween.png
104.26.7.145200 OK 1.6 kB URL HTTP/2 forms.app/assets/img/save-40-halloween.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 92b67727fd0536c9a8946acfe47cb03b
25d32f2e09f5d4c7483891d3abaf87eb23748ac3
be961b4b5127b287a148ecfa3685fe975f64d507b4ef9875a0d4d2a620e72159
GET /assets/img/save-40-halloween.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 1638
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=3311
content-disposition: inline; filename="save-40-halloween.webp"
vary: Accept
etag: "636d1d88-cef"
last-modified: Thu, 10 Nov 2022 15:49:28 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WsHB9s0YDEPZ81nAngEN9ECgLGmqVd8ooy11ohOC8eMbKCAWJKGjldfZJAy9rG8AbpZzbBdgtAJxVDpmLzR1FPYyKntwwpfPTJUrhjajv6u9nzU8wAXQqQRvlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccb9a9fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/bat.png
104.26.7.145200 OK 612 B URL HTTP/2 forms.app/assets/img/bat.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 550de7266706600f0293e604c472a511
3ff8536f2175eb1b3d8f5c9e9e0f0293134a929e
4a39c21d8cf33cd74228af68ed9649df6047ec91005ce3baec1995bc53fd4126
GET /assets/img/bat.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 612
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=1525
content-disposition: inline; filename="bat.webp"
vary: Accept
etag: "636d1c1e-5f5"
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZF59RsMeANV9p70B7dGamEm%2F230NSi8hoxLHcBjaA%2BeZg8WVh708rr0s4OqcekxCwwuTWLJO6qbrMi098iqdITleF0V9P9jzp47PxdKt2txBR1XlnJF8nWBCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccb9acfac4-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/mainheader.a2924.js
104.26.7.145200 OK 5.0 kB URL HTTP/2 my.forms.app/static/js/mainheader.a2924.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (10046), with no line terminators
Hash f1e05be5b4a9110becddd8bc0581735c
db74524c0c55443b2ffe05f7e616ad6af5dc52ad
bb896e3850bded240dcbd22f05e9791fcbdf16435161cb77b8fc9bd9b8adfda7
GET /static/js/mainheader.a2924.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:15 GMT
vary: Accept-Encoding
etag: W/"63610b3f-273e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l4p1MSvSevaVUkQbr1pv5Dn30M%2FWFwJL6byl7IfHi3NcBTJX932kyVWvA7SBs6sSdCpJ18IWjOCJtY7EIyowti%2BReqYstoAU%2FflNpdW5E%2FaBNmU3onufCiJX0HxE%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c7bdb2fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/shield-halved.png
104.26.7.145200 OK 616 B URL HTTP/2 forms.app/assets/img/shield-halved.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 832ba54e0a858d719088a620515e55f3
785d35907300ec18434e6d6674596118e70ee34f
bd18ae9ec05339cf7af594d92607b5a5b1f972ae250e06a9a172651d36165d88
GET /assets/img/shield-halved.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 616
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=1529
content-disposition: inline; filename="shield-halved.webp"
vary: Accept
etag: "636d1cda-5f9"
last-modified: Thu, 10 Nov 2022 15:46:34 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I11yedTvq1xGgVf%2Bs%2FpxDt0s9Pw143DkS3JBmlDFyqw5RcapNTJ52uA3QQYmWpRThnoW5YF0013nDPMJWhqQya02QIgVYuGK0X%2FRTkGSY2p9D0j7AAOvUKr%2FPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9cafac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/save-40-popup.png
104.26.7.145200 OK 57 kB URL HTTP/2 forms.app/assets/img/save-40-popup.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7d8a19c5025afb9767a1a1b39acddac9
d45341908413e6b286a2ed2187b97575317e4909
347a59c050affa47a1ac2b9150c48a33b6ec6a5155aaf5414ad21088ef57b953
GET /assets/img/save-40-popup.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 56626
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=98218
content-disposition: inline; filename="save-40-popup.webp"
vary: Accept
etag: "636d1d88-17faa"
last-modified: Thu, 10 Nov 2022 15:49:28 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4ATiMbNXWa0QNV2W5%2BdUVzIgO8m9oZih7oPiYw%2F95qz0XSVGmbDj2OTfBDjaKQw4Di9WHv%2FuTCrXCWlG7IoKywgB2gETyP7CdnYL6SCtK7vA1cI1qbrjh307w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9cbfac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Notion.png
104.26.7.145200 OK 764 B URL HTTP/2 file.forms.app/sitefile/Notion.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 17984374f1d4cdfa0a9c4c27b2afd35a
42210faedc5bb62307c310680fd73f3e5fd54cb6
9c23c62fbc17a94e83d0cb1505827d6c96e56f8ebac3ed167957c41edcf0273c
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 764
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=1596
content-disposition: inline; filename="Notion.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MmtcBsH12kyXPzqTzGyBxgkvEtsMSAPc7PjWfbYQb4gYFqN%2F49IletvtMlaWSKcD9ZaX%2Ftw0tJK087kYxz4MXCaVl7ceDin6d4RWtOaKDVDYHOfZGdKIzsMIdU8hGeNN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9e1fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/tree-dark-1.png
104.26.7.145200 OK 2.2 kB URL HTTP/2 forms.app/assets/img/tree-dark-1.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 99d63a20452543b116351940c0f37be0
76eead6bb8f11241d69c00e7cbfe2d8bcf7df1db
b224eab681b3ea314cf0d5d434cfafe179765e2b651802beb9418d4d1e336fea
GET /assets/img/tree-dark-1.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 2194
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6990
content-disposition: inline; filename="tree-dark-1.webp"
vary: Accept
etag: "636d1c1e-1b4e"
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0pfd%2BKbeusVZl1B6GPRGu8TNrA3uqqi6tLueZQxfp6igAu1jBlWMMgTC8eZcKz2EixYTKLRHvWSNlbi0AAictHRk7jS8NOb%2BSxdsFH%2FOl7pqO8fe97KInBkz0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd09fcfac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/spider-web-big.png
104.26.7.145200 OK 3.7 kB URL HTTP/2 forms.app/assets/img/spider-web-big.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash eb281fe74323771f337eb65f4c60545b
e7c8dcb23c7ce45740359f3cfa4e3142e4e0295f
6b731a392b2823671e5d4403a457a1026439dc26a4ef717ac4ff89655c34aa21
GET /assets/img/spider-web-big.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 3690
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=11806
content-disposition: inline; filename="spider-web-big.webp"
vary: Accept
etag: "636d1c1e-2e1e"
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXZcOQiqO1vgU4PtKlnxI0xROn6vDWWur43FjFTrbIHtrbcOAY9WEnEy2ipNxsSFE9o5JBjxH%2BoV9xeNblc7i043x7%2Be7iTTquvJaZIvEwgh2nlicRE1AnGjVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd09fefac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/tree-dark.png
104.26.7.145200 OK 2.6 kB URL HTTP/2 forms.app/assets/img/tree-dark.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 74eeaedeea24472de27a94277dba9da0
6315826c42ebf6d03281d1e81be88fb1cecb67e9
c4670f357094432b7ff904335fb7f0206995ac872f5315d971e45965783959f6
GET /assets/img/tree-dark.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 2622
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=8425
content-disposition: inline; filename="tree-dark.webp"
vary: Accept
etag: "636d1de1-20e9"
last-modified: Thu, 10 Nov 2022 15:50:57 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJbOtk8cjQ2%2FWE1AQ8ZBfd%2FSNaK%2BKHR7VeWffLz5u3Oe8P28RWGxW3y2Bmp7vsM5eEkMNnhPhlQpEevmkm03HofKbaCmbEstFYSosFfQvDwQyqqIpHzM2xouqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd09fafac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/spider-web-big-2.png
104.26.7.145200 OK 3.8 kB URL HTTP/2 forms.app/assets/img/spider-web-big-2.png
IP 104.26.7.145:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e1ef53305e7885c51b335e9f1c1c54e1
8b188a2af8c85816377c3bbb52a0c104503137e2
890369c535c8b9dec7acbee939cea3b9ec69919c336dd631b6811e408fca8a0c
GET /assets/img/spider-web-big-2.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 3756
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=11990
content-disposition: inline; filename="spider-web-big-2.webp"
vary: Accept
etag: "636d1c1e-2ed6"
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u6Efwej9eecEjB%2F32YPUcL9U2s4xgubb4hgEKGDZbAdZOJtao87qqtSBaju2%2Bq3kXBjMm46G%2BfNwuIHuwdDafJj8VM2tXHTmRz%2FGSy8aN3yhSXX%2FxdSEDEaTJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd0a02fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/form-builder-blank.png
104.26.7.145200 OK 68 B URL HTTP/2 forms.app/assets/img/form-builder-blank.png
IP 104.26.7.145:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 3be1e662f7d923c81dd88185cc14d33e
356c3df51fdce6fa505304b7eb52af9cb7105f09
643ac89572093a4c907c1af802b3d354453c64d545dc3f1be1ce689046064511
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
content-length: 68
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=149
content-disposition: inline; filename="form-builder-blank.webp"
vary: Accept
etag: "636d1c1e-95"
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5A5GBUY3inwWqR79ZTlvp2KAcR1CZI586EFOyqByL0K09XK7MmvWiDH1Ox45%2BK%2FBpHs5xOTPMq%2FRJIkj8tKljx6k8bzmRhTaRc1%2BFH8t8uMY7EbOTU0nQz4Z%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd3a22fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/iconfont/iconfont.woff
104.26.7.145200 OK 18 kB URL HTTP/2 forms.app/assets/iconfont/iconfont.woff
IP 104.26.7.145:0
File type Web Open Font Format, TrueType, length 18416, version 1.0\012- data
Hash 64f7aa12b6b4451be569df62604435a5
45ce2923a9a7c71988b1528c07379233bae693dc
552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42
GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Thu, 10 Nov 2022 15:43:25 GMT
etag: "636d1c1d-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUZOlcRLjvgOEGyQsLsc0SA365x6qZRPqtpZanzHjVxlN2QFdE7mF6%2BjN56Fu6Fo1wTwhJvKuXz3rdebwg8hzHjWULxe3v8%2BGFJHNGKpIkFVlhJ6bCbuVXhqiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a40fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/js/lazysizes.min.12809749.js
104.26.7.145200 OK 30 kB URL HTTP/2 forms.app/assets/js/lazysizes.min.12809749.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (7189), with no line terminators
Hash 8bb77bdb52be9ef95ef008c16ef320da
4bf1e915924532dd7abe621d6782578c92eb09de
875332afde7be083ea861b4afb13c3dd07abbf405d7d8511cbef0f1504595f4a
GET /assets/js/lazysizes.min.12809749.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
vary: Accept-Encoding
etag: W/"636d1c1e-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qwITNetdvIUrGwLBl6KMQjhLI555FX5z%2FUm%2F6MkULMI%2BYijXYMbqnlPPDW8X3Qij2TPu9iJq7O%2BEDNoHgT%2BImAE3%2BPwEv2YpwPoNNwBXsogazUxudsHgcc93JA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a3ffac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/icons.df638.js
104.26.7.145200 OK 69 kB URL HTTP/2 my.forms.app/static/js/icons.df638.js
IP 104.26.7.145:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ed2e3621e81244df813d07d24af3939d
ca0fcc1ff6a6f680ea7fd321f16b4d6060283c8d
39c78adfd6b309adff3977cfd1961bef1f95bce3e254f7698205e755aac5a479
GET /static/js/icons.df638.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:16 GMT
vary: Accept-Encoding
etag: W/"63610b40-3b710"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 368
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5%2BJFqusfu3z6m%2F7fN6khXn6C0msgA45m%2FTzXjegrbZempcv8VyBy1VCPiCD4YZPBCnQHFYGXEH%2Bp0FCjCyQyz0E7hlxSKnUNVnw79dRxNybS58JLXg%2BlSLeaBO85A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cb18aafac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/apple.svg
104.26.7.145200 OK 3.2 kB URL HTTP/2 forms.app/static/img/use/svg/apple.svg
IP 104.26.7.145:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1042), with no line terminators
Hash 5a5dfa0d26a612c30a4aa983bc6ae42d
e33ac74c0ccb01fb5e32521bb8ec9c409c0264a8
6c705180c7e1a7d498850c6aeae48ad5002b6b70fba3b239ca348c3a915a156e
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Tue, 01 Nov 2022 12:04:33 GMT
vary: Accept-Encoding
etag: W/"63610b51-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxsSI1Y0f3ITeAgGB31Xz%2BPGsU2P41AAadIMM8rDg5ua3HHG5j2wHOhrpfNL77om2Es%2Bf54Bybhl1fU2O09mTX8TQoTrR0vWuoJ8gTvgORSbUy3aHLIybzwqMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a3cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/img/logo-home.svg
104.26.7.145200 OK 8.0 kB URL HTTP/2 my.forms.app/static/img/logo-home.svg
IP 104.26.7.145:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 686a1cb600c389957aedd46698237ed3
76dff31bd12571a6b11e062f85842e62ddf7cf8c
9f8c6ffab9cc2537aa515cfdb9dca6e417e086afb4b1b5b4ec309995f379576d
GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: image/svg+xml
last-modified: Tue, 01 Nov 2022 12:03:49 GMT
vary: Accept-Encoding
etag: W/"63610b25-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 367
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBP1y2Tynff2zaRxMGVhansAXpGjsylPzEdfeUH1CslqA34%2FbI8DNBCMDmuue3FVbRdbPGwrXH3R3dga0eEowIXAXUd9IkpmN4qxBofnkLZnTalAjbgmoU7lUe%2FmiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cb0894fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oeb70&_p=1410237210&cid=1915409694.1668105219&ul=en-us&sr=1280x1024&_s=1&sid=1668105218&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F636ba97de5740e14f4400eb7&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oeb70&_p=1410237210&cid=1915409694.1668105219&ul=en-us&sr=1280x1024&_s=1&sid=1668105218&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F636ba97de5740e14f4400eb7&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-740JKHV4FZ>m=2oeb70&_p=1410237210&cid=1915409694.1668105219&ul=en-us&sr=1280x1024&_s=1&sid=1668105218&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F636ba97de5740e14f4400eb7&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://my.forms.app
date: Thu, 10 Nov 2022 18:33:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3bcbefc7ca38be64e1b429f31699e126
045db0c48940c09531da650e9496de433ff8e802
48541abf323c3685e2d0da6e14d245725fc615bd3fd4c1667dbfb05b5d7bd0cd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.linkedin.oribi.io/partner/3845852/domain/forms.app/token
54.230.111.78200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3845852/domain/forms.app/token
IP 54.230.111.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/3845852/domain/forms.app/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://forms.app/
Origin: https://forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Thu, 10 Nov 2022 01:01:07 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9im3AMRBjGB0bfYtOXdLa6F4uk17Pay-gL9g9XiGcznSIQPhoVhhBg==
age: 63156
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 9cec7fd19118aaeb5702dd97a8dd2b0e
40769764dfe2e1d216aeb0f18b935ad9e2fd9b11
0d10421ffd21c60df554fc54330fb769ea6cf59b8a795c14500defff88f8b366
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.app/static/icons/favicon-16x16.png?v=1
104.26.7.145200 OK 916 B URL HTTP/2 forms.app/static/icons/favicon-16x16.png?v=1
IP 104.26.7.145:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 7b4d7d6e0968fe900568920543a5876e
c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/png
content-length: 916
last-modified: Tue, 01 Nov 2022 12:04:03 GMT
etag: "63610b33-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8wNkHjBgwPni1oJEG3T6P4DSQrqp15FB9MxV%2FcxsB00ymRMDk%2BHd0MTU%2F3pD%2BFhksFdZcs7Wc1gmJnwQfbKnV1glK5VaRn6emXXaNM4DHBOLx8YXOTz5Hja3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ce3b0afac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/phishing.png
104.26.7.145200 OK 16 kB URL HTTP/2 forms.app/assets/img/phishing.png
IP 104.26.7.145:0
File type PNG image data, 647 x 173, 8-bit/color RGBA, non-interlaced\012- data
Hash 6dc4d5bf6c0edf6c5580179a95f9ba45
e569728801513f3177f2c92eddf0f22578f68760
3f462262606da182df7b8e840e32bcb1c1547596df43a691a5e33c72c7c54c09
GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/png
content-length: 16006
last-modified: Thu, 10 Nov 2022 15:49:28 GMT
etag: "636d1d88-3e86"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCiRUWR0wZ1NEv2orcXPvX1yShTN11Z1zrPiqo0CQovZr5bdojvVokouAPTq091MjR31C6OqTPxbdEMy585KtfhOpLovXz3L4apMOj0%2B8Fk2sywHI4UIpMsJpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cefb8dfac4-OSL
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3845852/domain/forms.app/token
54.230.111.78200 OK 949 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3845852/domain/forms.app/token
IP 54.230.111.78:0
Hash b3e2ca66792e64a0a13882fdb9ee529e
9ac8308494b18bd132c5c1996733df2a9ffb5c03
bf56bd626c4b6c4b0e200f252fa8fda1ce2be32bafaea11f6cd961a994f74cf1
GET /partner/3845852/domain/forms.app/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Thu, 10 Nov 2022 18:05:08 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XWsvUKlbA7iMUEkaVAPVZLEOwi1aqbjAWyn-xV24E7fgk6XfIZgt4Q==
age: 1715
X-Firefox-Spdy: h2
bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=2efe5cd9-4f2e-400b-aa2b-93f726baca4b&sid=31aebef0612611edb81e2331518bbf3c&vid=31aeeec0612611ed8f2d1db2ed3aa8ae&vids=1&msclkid=N&evt=pageHide
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=2efe5cd9-4f2e-400b-aa2b-93f726baca4b&sid=31aebef0612611edb81e2331518bbf3c&vid=31aeeec0612611ed8f2d1db2ed3aa8ae&vids=1&msclkid=N&evt=pageHide
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=2efe5cd9-4f2e-400b-aa2b-93f726baca4b&sid=31aebef0612611edb81e2331518bbf3c&vid=31aeeec0612611ed8f2d1db2ed3aa8ae&vids=1&msclkid=N&evt=pageHide HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=366724A3D1CF6FF9242636FBD03A6ED9; domain=.bing.com; expires=Tue, 05-Dec-2023 18:33:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1A40603540E349A6A7D31A32851CB274 Ref B: OSL30EDGE0122 Ref C: 2022-11-10T18:33:43Z
date: Thu, 10 Nov 2022 18:33:43 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7c89768eee117880b59f8644d2138e52
49a829a38293c8f1eb86dbbccc82017f1d5d86bb
c512960cca090441f3c7e9ffea25448965eb4068d1506b8afa6d391b3c3a07be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&gjid=229151896&_gid=1379521898.1668105219&_u=SCCAgEAjAAAAAEAAI~&z=719362362
64.233.165.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&gjid=229151896&_gid=1379521898.1668105219&_u=SCCAgEAjAAAAAEAAI~&z=719362362
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&gjid=229151896&_gid=1379521898.1668105219&_u=SCCAgEAjAAAAAEAAI~&z=719362362 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 10 Nov 2022 18:33:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=97985a26-1e42-46c0-9677-5215451ee948&sid=31aebef0612611edb81e2331518bbf3c&vid=31aeeec0612611ed8f2d1db2ed3aa8ae&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=541&pt=1668105218877,,,,,0,0,0,0,0,0,41,239,239,242,522,539,541,,,&pn=0,0&evt=pageLoad&sv=1&rn=937354
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=97985a26-1e42-46c0-9677-5215451ee948&sid=31aebef0612611edb81e2331518bbf3c&vid=31aeeec0612611ed8f2d1db2ed3aa8ae&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=541&pt=1668105218877,,,,,0,0,0,0,0,0,41,239,239,242,522,539,541,,,&pn=0,0&evt=pageLoad&sv=1&rn=937354
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=97985a26-1e42-46c0-9677-5215451ee948&sid=31aebef0612611edb81e2331518bbf3c&vid=31aeeec0612611ed8f2d1db2ed3aa8ae&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=541&pt=1668105218877,,,,,0,0,0,0,0,0,41,239,239,242,522,539,541,,,&pn=0,0&evt=pageLoad&sv=1&rn=937354 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1308C25BBADB69C71FB4D003BB2E68E1; domain=.bing.com; expires=Tue, 05-Dec-2023 18:33:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F4F66E420C904659A2B8CDD7913C6C03 Ref B: OSL30EDGE0122 Ref C: 2022-11-10T18:33:43Z
date: Thu, 10 Nov 2022 18:33:43 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2817ce33ca8b3667491f155a141abfa7
c39855bf058d975083bd145b944a438b47307a36
33bb12b05df7cb1e19ba5647d57b5cc5f0a79095a2ca40a04e5fe076b7e33422
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 006bc2d8ab25bb41f907cbf7aae72496
edfa83f56f1c0e75d1785b84b1ac749c4460787e
b31c79d23217ebe327b55bea3133ebf472781ee7101df47de0f87019e182fa0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/gsi/client
216.58.207.237200 OK 78 kB URL HTTP/2 accounts.google.com/gsi/client
IP 216.58.207.237:0
File type ASCII text, with very long lines (532)
Hash a553748ffa7010a26b055fe4bcf62c52
3f20627a9e1d436297ee857bd87608d74e48a5c6
fdccc5c54392460feed025c368195ff5859ecbd94e9e68115533b41b38972c58
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Thu, 10 Nov 2022 18:33:43 GMT
date: Thu, 10 Nov 2022 18:33:43 GMT
cache-control: private, max-age=1800
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-GqwMVuJozwW6BdCAs2vCHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/587928374/?random=1668105219553&cv=11&fst=1668103200000&bg=ffffff&guid=ON&async=1>m=2wgb70&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&fmt=3&is_vtc=1&random=226609493&rmt_tld=1&ipr=y
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/587928374/?random=1668105219553&cv=11&fst=1668103200000&bg=ffffff&guid=ON&async=1>m=2wgb70&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&fmt=3&is_vtc=1&random=226609493&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1668105219553&cv=11&fst=1668103200000&bg=ffffff&guid=ON&async=1>m=2wgb70&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&fmt=3&is_vtc=1&random=226609493&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 18:33:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/587928374/?random=1668105219553&cv=11&fst=1668103200000&bg=ffffff&guid=ON&async=1>m=2wgb70&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&fmt=3&is_vtc=1&random=226609493&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/587928374/?random=1668105219553&cv=11&fst=1668103200000&bg=ffffff&guid=ON&async=1>m=2wgb70&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&fmt=3&is_vtc=1&random=226609493&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1668105219553&cv=11&fst=1668103200000&bg=ffffff&guid=ON&async=1>m=2wgb70&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&fmt=3&is_vtc=1&random=226609493&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 18:33:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1668105219527%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLM4lwO2jzGbgAAAYRi0b54QCwwBAQ0qGvZLneAAVPXGOt-07tVJAapiC_ClGo0MINoY4S9EcN2kQ; Max-Age=2592000; Expires=Sat, 10 Dec 2022 18:33:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQI91Vc7ZIy4mAAAAYRi0b54WEjI2j09M_EQfOTONu10UyJLXRQFRovdTcFJk_qLhpRf2tHbQPnvJG3fRNpyPA; Max-Age=2592000; Expires=Sat, 10 Dec 2022 18:33:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&c8fb6a2a-fd67-4d2c-8d47-7ca2eecbf5dc"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 10-Nov-2023 18:33:43 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2428:u=1:x=1:i=1668105223:t=1668191623:v=2:sig=AQFXCNDWYrEgwH6KqmfguRdFarON6caE"; Expires=Fri, 11 Nov 2022 18:33:43 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXtIgNO2TwJlCfsfI9Kkg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: D8709E3E238E482689E470363F13C81B Ref B: OSL30EDGE0514 Ref C: 2022-11-10T18:33:43Z
date: Thu, 10 Nov 2022 18:33:43 GMT
content-length: 0
X-Firefox-Spdy: h2
bat.bing.com/p/action/137024713.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137024713.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=23C7F09A5A7B63712AACE2C25B8E6283; domain=.bing.com; expires=Tue, 05-Dec-2023 18:33:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ARR/3.0
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 896382CE6AAF40EC9EA6599F864970C1 Ref B: OSL30EDGE0122 Ref C: 2022-11-10T18:33:43Z
date: Thu, 10 Nov 2022 18:33:43 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2817ce33ca8b3667491f155a141abfa7
c39855bf058d975083bd145b944a438b47307a36
33bb12b05df7cb1e19ba5647d57b5cc5f0a79095a2ca40a04e5fe076b7e33422
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash da6ea2384d89dcf08521ba15aaa8c085
141a73f1f12700389cecb3548d37c2d5286e7a95
db36322a9271b8e877ba3b1b59c0b8783eb5e9ac8cddd9ecce4180904e7a1088
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&_u=SCCAgEAjAAAAAEAAI~&z=1240979541
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&_u=SCCAgEAjAAAAAEAAI~&z=1240979541
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&_u=SCCAgEAjAAAAAEAAI~&z=1240979541 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 18:33:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&_u=SCCAgEAjAAAAAEAAI~&z=1240979541
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&_u=SCCAgEAjAAAAAEAAI~&z=1240979541
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123158574-1&cid=1915409694.1668105219&jid=1599508429&_u=SCCAgEAjAAAAAEAAI~&z=1240979541 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 18:33:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6738
Expires: Thu, 10 Nov 2022 20:26:02 GMT
Date: Thu, 10 Nov 2022 18:33:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6738
Expires: Thu, 10 Nov 2022 20:26:02 GMT
Date: Thu, 10 Nov 2022 18:33:44 GMT
Connection: keep-alive
forms.app/assets/img/templates-resources.svg
104.26.7.145200 OK 868 B URL HTTP/2 forms.app/assets/img/templates-resources.svg
IP 104.26.7.145:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (690)
Hash e94add72eed658c4a07f20d1867cfd04
f65bfd12c7cec30ea531431afcd1e1de9b185d0e
b777e82ef19d72db79fc183a3233ef35a4a667ea3c8c05e8582526a7dd5b7157
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Nov 2022 15:44:59 GMT
vary: Accept-Encoding
etag: W/"636d1c7b-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJapVnysObVlaOK0ccsUPDjbI%2F4Zg7A0A2nbyPTHtcZiMmk3cykvqkSXASkgB4Bv4tnI3yZDU7mwwjgt2rGTG9Zuul9OPKvOK5PAFSR%2BqFtjriHFvQ%2Foh6GLQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9c7fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6738
Expires: Thu, 10 Nov 2022 20:26:02 GMT
Date: Thu, 10 Nov 2022 18:33:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6738
Expires: Thu, 10 Nov 2022 20:26:02 GMT
Date: Thu, 10 Nov 2022 18:33:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 178b1b5efcd0c5997d0e5b820193abe2
460630852800c0304295c78df268bfec64416f98
9822d2ef4199dcc01f81a8e6d3a91d9545466c17abfca4eb30e0a49ca8301da6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3445
x-amzn-requestid: 92b5ba7a-e45a-495c-89ae-9738fd5644bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWloyHMpoAMF-Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c9e-5508b96c349a34537809ef0e;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3-XU3AO60wbMDZcPshBPHvxEFAQHVs7-dlg52BfbxkSlDAEx9kaeeg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:58:41 GMT
age: 74103
etag: "460630852800c0304295c78df268bfec64416f98"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc04eddc597d6b10db5d59c53f20aec
dddc0da13526d24aaea990cc1d68d9212612da43
a7e2d1fd141c4383de3411be95b8875c9d969d5f001020793a2b4d939aaa780b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12268
x-amzn-requestid: cd9ea4f7-9a75-47b4-a0ad-817c821a592e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlpZHbBIAMFfUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1ca2-69a98f453929cc817bead2c7;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Xq1vIovXXR0pPaaHjKWeLcZszoEkISrYvqKvshtQ9dFTf6CUwxmIWA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:45:34 GMT
age: 74890
etag: "dddc0da13526d24aaea990cc1d68d9212612da43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c2db9097ad95b726c65a3130483daf7
2b6dbe326a49e03a0f8d1a5d15930fd7870f6f79
1da5e63e7a3e837c758bb365e5e99e6dfb6c54e9b2fe038c3eb1334a86dc4d74
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7723
x-amzn-requestid: 1e07419e-8cd6-43d6-b0bb-61183502ee40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlpGHFKIAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1ca0-751c8b152ea5c28f5a78bf46;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BXdwO74rhbF9575IFRz-DNbcEFNiX7JiCtsvghmUE8zOju0eyuFjow==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:45:34 GMT
age: 74890
etag: "2b6dbe326a49e03a0f8d1a5d15930fd7870f6f79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2917b487c605eb7f53d20ff3b4fbfef0
5dd8989fb1129638361c16ad2a1fde93a4c4aafd
aaf620d791f23829e15a454b3faf5b47a0f00ff37ada91d6de5c62c322fe90ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8875
x-amzn-requestid: 1374243f-4fd8-4405-8f8a-946a8f92c457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlniEw2oAMFtfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c96-195c58a826eae13b58d21aa0;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MfDIK2PCS_o7UuNXVSNOb3YbR_P8vlF7xw75qf8WdbjRr8hzCVYu6A==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:28 GMT
age: 74836
etag: "5dd8989fb1129638361c16ad2a1fde93a4c4aafd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f570a6d-7e0c-4dc3-9a3f-7af7ccbae623.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f570a6d-7e0c-4dc3-9a3f-7af7ccbae623.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash feb275cc5fa7b13e70522cb76f001bbc
80ca9cf6cbbc73a884c3a839ace9a7aa191a8504
a5680637b55669355967b87fd4be4881a3e4dea746b7c420acf4dcb46b8a28de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f570a6d-7e0c-4dc3-9a3f-7af7ccbae623.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8242
x-amzn-requestid: 1ab9c180-7e6b-4eae-a6cf-6a45c96fdc4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlrkE_2oAMFk2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1cb0-0089846803d11bb649874507;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kZPJ95WwFXhxoBwZIeTN2iRl3-XFPmooKSeFtLu3wIm4b8nabFY2mA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:29 GMT
etag: "80ca9cf6cbbc73a884c3a839ace9a7aa191a8504"
content-type: image/jpeg
age: 74835
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1301540a-8618-4725-97e7-ac03773f7ed0.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1301540a-8618-4725-97e7-ac03773f7ed0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a929256680885031f55121c35d626bcc
9caf2466f70995d5763b970f916c4944b364a4ff
9366db1c171fe9dae5946198415c9a02005a432fccd359896f94bce874c91027
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1301540a-8618-4725-97e7-ac03773f7ed0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9283
x-amzn-requestid: c800cccd-80cc-4cd6-8856-66cfd07141c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWmC2HnpIAMF3kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1d45-686eac2b6c65b8dd41dfb44a;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y9jHtcAFR3KyG8gWBDJ13rjekqGz6dUoqn0d_yHYW9beFkeCGSxbsA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:51:10 GMT
etag: "9caf2466f70995d5763b970f916c4944b364a4ff"
content-type: image/jpeg
age: 74554
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1668105219527%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1668105219527%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1668105219527%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&953f5323-53f6-499e-8786-da5fae7e55e7"; Domain=.linkedin.com; Expires=Fri, 10-Nov-2023 18:33:44 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&2022111018334333b0abe5-7daf-4cb3-8fd9-f1648a021127AQE9co2l058c5-9HVqdC7EISFko73n-H"; Domain=.www.linkedin.com; Expires=Fri, 10-Nov-2023 18:33:44 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjgxMDUyMjM7MjswMjGR9+qw5z1b6IJEC4YcrojMd4h7WgNgHYA/rXRqHA0kRg==; Domain=.linkedin.com; Expires=Tue, 09 May 2023 18:33:43 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2428:u=1:x=1:i=1668105224:t=1668191624:v=2:sig=AQGiIrySnl9j4IF5RWkHRi9WBSaSbbGL"; Expires=Fri, 11 Nov 2022 18:33:44 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com *.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXtIgNSn87nucg17qXx7g==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 3FD9E1A0CD9644DCA2694E9CB2BD12DB Ref B: OSL30EDGE0514 Ref C: 2022-11-10T18:33:43Z
date: Thu, 10 Nov 2022 18:33:43 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1668105219527&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&8de30a9b-d0cb-4644-8627-e6ea6ce2396e"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 10-Nov-2023 18:33:44 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2372:u=1:x=1:i=1668105224:t=1668191624:v=2:sig=AQHv4PxUZSEtILfzUUVfGx6S9EkUwFq8"; Expires=Fri, 11 Nov 2022 18:33:44 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXtIgNVeqZPPiQjN3zObw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: B7CC38E9DA3045D8AB1DEADEC4A5E21D Ref B: OSL30EDGE0514 Ref C: 2022-11-10T18:33:44Z
date: Thu, 10 Nov 2022 18:33:44 GMT
content-length: 0
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
104.26.7.145204 No Content 0 B IP 104.26.7.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiYjA4YWUyMGM2NjA2ODUyNCIsInRyIjoiZWY0NTE2NWY4NGJjMDRiZTU4YzJmN2NhNDFkNWY2ZjkiLCJ0aSI6MTY2ODEwNTIyMDMxNn19
traceparent: 00-ef45165f84bc04be58c2f7ca41d5f6f9-b08ae20c66068524-01
tracestate: 2885732@nr=0-1-2885732-286479549-b08ae20c66068524----1668105220316
content-type: application/json
Content-Length: 17315
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.1.1668105219.0.0.0; _ga=GA1.2.1915409694.1668105219; _gid=GA1.2.1379521898.1668105219; ln_or=d; _dc_gtm_UA-123158574-1=1; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _fbp=fb.1.1668105219841.1294036371
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
date: Thu, 10 Nov 2022 18:33:44 GMT
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7680e0d3df4bfac4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 18:33:44 GMT
via: 1.1 varnish
x-served-by: cache-bma1652-BMA
x-cache: HIT
x-cache-hits: 3664
x-timer: S1668105224.344069,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 537 B IP 93.184.220.29:0
File type gzip compressed data, max compression\012- data
Hash 4dbc9de8836334797f47898e6ce7844e
c079514dca0a9feb4757e76ecbe869a6abb508eb
15c38323955fe47614738d3fa8632424231112bffdf5ac0c1be6ada8dc52e33c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 687
Cache-Control: max-age=171184
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 18:33:45 GMT
Etag: "636d3b0a-1d7"
Expires: Sat, 12 Nov 2022 18:06:49 GMT
Last-Modified: Thu, 10 Nov 2022 17:55:22 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1531&ck=1&ref=https://forms.app/phishing&be=278&fe=1425&dc=540&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1668105218877,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:41,%22rp%22:239,%22rpe%22:239,%22dl%22:242,%22di%22:522,%22ds%22:539,%22de%22:541,%22dc%22:1424,%22l%22:1424,%22le%22:1431%7D,%22navigation%22:%7B%7D%7D&fcp=421&jsonp=NREUM.setToken
185.221.85.3200 OK 77 B URL HTTP/1.1 bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1531&ck=1&ref=https://forms.app/phishing&be=278&fe=1425&dc=540&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1668105218877,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:41,%22rp%22:239,%22rpe%22:239,%22dl%22:242,%22di%22:522,%22ds%22:539,%22de%22:541,%22dc%22:1424,%22l%22:1424,%22le%22:1431%7D,%22navigation%22:%7B%7D%7D&fcp=421&jsonp=NREUM.setToken
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1531&ck=1&ref=https://forms.app/phishing&be=278&fe=1425&dc=540&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1668105218877,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:41,%22rp%22:239,%22rpe%22:239,%22dl%22:242,%22di%22:522,%22ds%22:539,%22de%22:541,%22dc%22:1424,%22l%22:1424,%22le%22:1431%7D,%22navigation%22:%7B%7D%7D&fcp=421&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 18:33:45 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7680e0db0bf816a5-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=bf166da07d5458cb; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IChkcTv6znsdvLV7BgJ2%2B3Xb9K7jeslrBZcciUuhaa569YfDca%2FgZ89w%2Bl3JmTwk20CHPHntv7%2BQI08iZ1uxeO6OjyyszMpyBdhXHafV80BO18oA9m4rTAOSA1c4K0GqLgQum1dg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2701&ck=1&ref=https://forms.app/phishing
185.221.85.3200 OK 24 B URL HTTP/1.1 bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2701&ck=1&ref=https://forms.app/phishing
IP 185.221.85.3:0
ASN #206998 New Relic International Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2701&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 445
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 18:33:45 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 7680e0dbbc9f16a5-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZRqv6PIkBETyDUW51Vu8YI8ys4DU5XdMhvA71na2KBzxpRE3p47ITg1dGMv8IPS1rvcG%2FcmHYjpPV2tWj0abL3pyJhlbPB7lMHgrKe10iHwdKxK%2BjlPH2%2BEyrwjVyRjuPfLshDL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
forms.app/assets/img/formsapp-logo.png
104.26.7.145200 OK 3.5 kB URL HTTP/2 forms.app/assets/img/formsapp-logo.png
IP 104.26.7.145:0
File type PNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data
Hash a77f4c80bac841f7d3d2aa02372b8861
840d40fc6bdfbddff8e5d917ef5b669d8c4543a2
84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.1.1668105219.0.0.0; _ga=GA1.2.1915409694.1668105219; _gid=GA1.2.1379521898.1668105219; ln_or=d; _dc_gtm_UA-123158574-1=1; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _fbp=fb.1.1668105219841.1294036371
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:45 GMT
content-type: image/png
content-length: 3548
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
etag: "636d1c1e-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I44DIfku955F04bWPiITEBO1r2DB8H6P84iry8uoRGAlKWTV%2BRlSjeDkm2enz08yP%2B%2BreNahY0Ey9KEFCxUsC6HGM3WakKf9Nm2%2FOU2X0frxgKueG4%2Bh9gdqYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0dbad58fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/google-play-logo.png
104.26.7.145200 OK 7.6 kB URL HTTP/2 forms.app/assets/img/google-play-logo.png
IP 104.26.7.145:0
File type PNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash b30b4bd0775acd1e172ed059d1151d4d
70d96852cfae2fdc113342e3bf46cc4ebe706815
cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b
GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.1.1668105219.0.0.0; _ga=GA1.2.1915409694.1668105219; _gid=GA1.2.1379521898.1668105219; ln_or=d; _dc_gtm_UA-123158574-1=1; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _fbp=fb.1.1668105219841.1294036371
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:45 GMT
content-type: image/png
content-length: 7621
last-modified: Thu, 10 Nov 2022 15:46:33 GMT
etag: "636d1cd9-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6nxg%2FY9t9tqTHzmw%2Fokob42u0oynVzqXvZQyN78yIHwFVqk2TaUMyi0%2Be0aB%2B%2B8D1ToWzVzfyFkE%2BbC7jM8krngL1ZupPsLx9KCOtFzEdwzRpZ2kx2YgYqSQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0dd5ea9fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/huawei-app.png
104.26.7.145200 OK 7.4 kB URL HTTP/2 forms.app/assets/img/huawei-app.png
IP 104.26.7.145:0
File type PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 86c2e696aa2528b2cb3589897ba4bfb7
598e89de6512720a92e4e94a538e2eb64d746229
eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6
GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.1.1668105219.0.0.0; _ga=GA1.2.1915409694.1668105219; _gid=GA1.2.1379521898.1668105219; ln_or=d; _dc_gtm_UA-123158574-1=1; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _fbp=fb.1.1668105219841.1294036371
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:45 GMT
content-type: image/png
content-length: 7360
last-modified: Thu, 10 Nov 2022 15:49:28 GMT
etag: "636d1d88-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XV1PjW8gGr6UA4OMLknvOc%2F8Bm67IZBgV0vdiEFTX3Es90BHTeTb3JYeqBeJYmyhB%2B5nKcJTu69U5Q6JB4MGwqo%2FlRZGvcGRfyZ8diW9re235AWYYgHG4NNNoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0dd5eacfac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/app-store-logo.png
104.26.7.145200 OK 7.6 kB URL HTTP/2 forms.app/assets/img/app-store-logo.png
IP 104.26.7.145:0
File type PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 02b87ac5a0d67d23008ed83695705c23
1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5
a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736
GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.1.1668105219.0.0.0; _ga=GA1.2.1915409694.1668105219; _gid=GA1.2.1379521898.1668105219; ln_or=d; _dc_gtm_UA-123158574-1=1; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _fbp=fb.1.1668105219841.1294036371
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:46 GMT
content-type: image/png
content-length: 7634
last-modified: Thu, 10 Nov 2022 15:44:59 GMT
etag: "636d1c7b-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83%2BAz59iDAbnFOnikGDUJSh1zwAMB4xpBqXNi7%2BC8DMofnurTW59tWQPs85IKRimZeVekUtGKLpI99HxHtOHrch1NqtcW74RBY4YQQzaVW80bundJKApL3Qi%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0de0f1cfac4-OSL
X-Firefox-Spdy: h2
my.forms.app/form/636ba97de5740e14f4400eb7
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/form/636ba97de5740e14f4400eb7
IP 104.26.7.145:0
GET /form/636ba97de5740e14f4400eb7 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:41 GMT
content-type: text/html
last-modified: Tue, 01 Nov 2022 12:04:04 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qz7%2FN5dLUPD4BrMGCIREmuka4mcLGHhiiImVr6E4njrdtifPpdOpVm6JTub8ubD9mw3F4wztyYKQ37klyeze%2BZJGQ%2FN8ufW%2BoAQkht%2BuY90ylq%2Fi6yygUMng8yQkmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c41ae0fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/form/636ba97de5740e14f4400eb7/view
104.26.6.145403 Forbidden 0 B URL HTTP/2 api.forms.app/form/636ba97de5740e14f4400eb7/view
IP 104.26.6.145:0
GET /form/636ba97de5740e14f4400eb7/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 403 Forbidden
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tWcvqtythhp8N8yh6%2Bxi4uVRV1zl5VdvqhAYBO89Mf6a5Ifm4%2BPQ0JyRVCgU3ZG1vVaVsnmTSBzOOvJ6ZSf7NWZ31F0qRiA7Pm6k1hBQ4L%2FcZHMJfkcidp5NSuVnh3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c97ed9b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/google.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/google.svg
IP 104.26.7.145:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Tue, 01 Nov 2022 12:04:33 GMT
vary: Accept-Encoding
etag: W/"63610b51-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5CBf9qQ1aMojWVSuoXxx2LwVsE%2BervyMNoTh5cB2ux%2BKXysF0Cq3WjJSnIZnVuCd2Zp2NbNQGbvE%2BmhD2aHG2XB2OxKd5ySmcFF8fQb%2Bb4ZihE5M2YJrHGH3Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a3afac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/dcomponents.b142c.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/dcomponents.b142c.css
IP 104.26.7.145:0
GET /static/css/dcomponents.b142c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:33 GMT
vary: Accept-Encoding
etag: W/"63610b51-1ab9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=es%2B68OWpy5mu94rwT%2FDgkn3U8g6fQna7F%2B6WYNtRUnQCTKE0vmw1KpLh2%2FGX1ixNu6I6DIxEGIcUYaYfnLuxiK563Nm3QNYBfhRmpHRhKbpPLoIBExtfMBkUrdaGfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c5fc5cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/asyncstyles.4869d.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/asyncstyles.4869d.css
IP 104.26.7.145:0
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:43 GMT
vary: Accept-Encoding
etag: W/"63610b5b-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1026
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZYH0zmW9HX4%2FWuvun15GTbbS4YNbPBs6Yl8pYc9wi6TvxkcR7qMZ2eO4sPrmDuxKDOsINJNZnEgC872Rds77eUj75u2LBLAe0as8i8rj5XsyKOQV%2B0McOoCPCS89Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c5fc5afac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/help-resources.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/help-resources.svg
IP 104.26.7.145:0
GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
vary: Accept-Encoding
etag: W/"636d1c1e-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jePASHYhW2CL1lOyBi6IgEqJyL9jdHx6%2B8aviP8xk4Eul8do6w%2BL%2F6go5blJ6Y9hkx4D1beG0NjT%2FupErl8oHSkWpSFsEaURQE%2BJy2XiRofJQ5PZhVylZqNeJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9c9fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vuelazyload.45220.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vuelazyload.45220.js
IP 104.26.7.145:0
GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:45 GMT
vary: Accept-Encoding
etag: W/"63610b5d-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNQWCWwxHJDb6pLUKuZV%2BnpvbZCzEl3tQB5Fs8fvBSymr%2BV9OVE%2Fy%2BBOrEYwTOrAghUineIyWytWNX647jf9y7uIS0yGkvwvU5wrBoP49nmotFAKlqanR1PC8psTKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c75d6dfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/wordpress.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/wordpress.png
IP 104.26.7.145:0
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=14590
content-disposition: inline; filename="wordpress.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Olw%2F8Fq1i%2BC2vN8y%2BvH9xplsPm4hLXqUgT04WwJDeM%2BUTr4wgnQ9T3bvmRtbPjdBUwhdym2f5ErJyIsf4q5fn6rMcJwoJtUxInrx98g%2B2%2Bd6o7XifUhmCeBiU7Sd9TDO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9e0fac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/trello.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/trello.png
IP 104.26.7.145:0
GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5239
content-disposition: inline; filename="trello.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Ken5VYgT9OfcKtYLxfnzyQGoX4u8VtvbViBaW%2FUFot0UgfhBXSJAkaq%2BG%2BiiXJJppeiAlE3kwsmG7lVEZpgD4CaJuDjZPDtzd17caND62iVu23gnf2lh%2FDh76tYsMAY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9d2fac4-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/country-en.83d29.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/country-en.83d29.js
IP 104.26.7.145:0
GET /static/js/country-en.83d29.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:10 GMT
vary: Accept-Encoding
etag: W/"63610b3a-102a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5BFGVMw%2F4n9nScFFh2LgwyECvID13gKtJqB6%2BKSBGI48ArbEILb83IKieFnK%2FgrFAvjtUKr2GkRltl2%2Bwrlq%2BxY7Dv4%2BZ8mBtOPHDyuldZNumF3scsuQg2rrF%2Bg1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c6ccf1fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/sheets.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/sheets.png
IP 104.26.7.145:0
GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6381
content-disposition: inline; filename="sheets.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2WxJxkd1KSDlVtpVPzd9FlKWiq1w%2FNG6RwAxpt%2B5ni3kAj0AX8nJwp7wV8PJauuGuT7hIAHIXA9KlfPMF9%2BwgQx%2Bjut8PlbKJnqUhjm9N4MdXoSs5e5zglOmqjYM26r9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9cffac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/hubspot-crm.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/hubspot-crm.png
IP 104.26.7.145:0
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=9843
content-disposition: inline; filename="hubspot-crm.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7waWYQqCJjdu%2BDcTnHy6eciviVUAhbewaGu8nq2ONWN00lmdWj1UiyQD%2BjJm52ygtuO%2BZMdNKKMwY7zcuz7eP0JxRCM6TvrSNEHMqZsuTdhu%2FwYqamuqJ9nMi6IHWjKj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9cefac4-OSL
X-Firefox-Spdy: h2
my.forms.app/static/css/vendor.88295.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/vendor.88295.css
IP 104.26.7.145:0
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:42 GMT
vary: Accept-Encoding
etag: W/"63610b5a-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CumqCMaB3ZYFgRgBqsbm7%2F39c2YrNRzpdSTHTfsanh8%2FoOGUWAYgwfEcg%2FSfvVaaiA4sesDOSo0L6b3vwv%2BgJA0aBWw5f3heUC63rr1pkrEHHVj6fiqDcKdhFhg1jg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c5fc58fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP 104.26.7.145:0
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:05 GMT
vary: Accept-Encoding
etag: W/"63610b35-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ycGvPJoFu2bjdrE8VUUBIYL%2F7anUqIjVdm2j%2F2ktpkdCa5unevRl6wfFXsdiRhEaKqmnXnrGGl7jB5xB7CA1wtSh8gr24WwjDlH6kIVsslKW0jdQ8oAL3X9ry9A9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c79d9cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/logo-home.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/logo-home.svg
IP 104.26.7.145:0
GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Nov 2022 15:50:57 GMT
vary: Accept-Encoding
etag: W/"636d1de1-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ulWhsDSXFB%2FXK9qC0ptZOr55El7MLSkeda2OjgeaTt6B%2BpuQQVWCJAXjF5GILUyhM4UKSVQLrWGKhDvzhQK0ofvBC9cm4cmQMGKTTpIP4AiZROzSFtaUjtkTnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccc9affac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/slack.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/slack.png
IP 104.26.7.145:0
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6402
content-disposition: inline; filename="slack.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfXr2KQNmCau4Wl1RxOuXUWopFf5QewjCpXliRvyX3bSBIwbRZm42Ix5XXdkNunOa6fFaP6hQkUioGrOArRqJKbCgxlm41fH4%2BEeO55o9MiC6SfCbCoPRu6kY93wEgKv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9ccfac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Google%20Analytics.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Google%20Analytics.png
IP 104.26.7.145:0
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2090
content-disposition: inline; filename="Google%20Analytics.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TBgMaWB8YpRcW5H32vi1NkDQ2eDItoOJ8IdisW513rNdlfV2iVSHCIJ5GRKJ6q7kjVgPux5wG%2F95NKx2WDjHWH6icfA%2BCN3E5IHo4Z3W6m8jajQGrrO323J8zI8fjNb5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9d5fac4-OSL
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/facebook.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/facebook.svg
IP 104.26.7.145:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Tue, 01 Nov 2022 12:03:49 GMT
vary: Accept-Encoding
etag: W/"63610b25-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7n%2BfllA9kP7TcuSmP1H3Vbx7E272jkmIvAlcQh7SFFsqgocGdBqG1FiPeHptVdxdjcIDBB4SQey06sQYp09gu8DCyHHZhhCV2bAsJErEDRTlHtGyeJiY6Dhq7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a3bfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/iicon.8278c.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/iicon.8278c.css
IP 104.26.7.145:0
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:15 GMT
vary: Accept-Encoding
etag: W/"63610b3f-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1027
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1QafNEDzLhQzDRw2Q4C6LAcQ1bDgNzLz7%2FJBC86RGgh9UcVlSjgjylKaMzunFN%2B7MYJwiPiFKJivGCk%2B3SSDzrUF0guOsDWYyKQBTKZVhpHP21nnvb%2B4IrgC7wG9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c5fc5dfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/asyncstyles.7792f.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/asyncstyles.7792f.js
IP 104.26.7.145:0
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:08 GMT
vary: Accept-Encoding
etag: W/"63610b38-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgOERCfDbpe9RN8WcT8ifZs4z7FeNFDnc4iU5Y0oaUtl2hZ3wcEPDQlexLnkl9iVyVqcvYEePtFFHtzXa9DT4kR42OEMReLA%2FDGK%2BY%2BQnM649R7l1BBL2pJaHuTgvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c60c60fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/dcomponents.7cf80.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/dcomponents.7cf80.js
IP 104.26.7.145:0
GET /static/js/dcomponents.7cf80.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:07 GMT
vary: Accept-Encoding
etag: W/"63610b37-27c4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzZfc%2BdlraAfELkt%2ByASlYnLh12K%2FlMFQbRNsspFjbNPaAJWEln6pMczkh3Wo64Dtqplfc5CkxjHYWkN7bdidBPQSV3CM4sXN0VRG1PPlMLpPf%2BAiHqh0T1HuVwPGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c60c61fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendor.523c4.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendor.523c4.js
IP 104.26.7.145:0
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:08 GMT
vary: Accept-Encoding
etag: W/"63610b38-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rhqpm%2Fl0csQR3u%2BrbJ3c2Zbant8AYZYC8ju0%2B2HwqHZlDGWHd97xA4%2Fp1AliAH0%2BzSAJc9enKTtYHfTbIE18gVHUa2RWitXLv7em9SR8vAm6RADrxf55oeL2uJImYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c60c64fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/airtable.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/airtable.png
IP 104.26.7.145:0
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=7872
content-disposition: inline; filename="airtable.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOmSlArW%2BixyWNwnXEIfL1p1A1hgIdNWT4e40Em9jG%2BZx6W1CgPpEhjhfXk5GwfH5I%2B3vYuOV3QvbtEKBRt9biORt7ZyyfuqT3sgHvjV3P%2FEKZ90om%2BPe%2BtDMJ99UcE6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9e3fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/js/login.fb59ba75.js
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/js/login.fb59ba75.js
IP 104.26.7.145:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 15:43:26 GMT
vary: Accept-Encoding
etag: W/"636d1c1e-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdNCwww0fiTPfZa5OZ7hUwFy8E5nFWa07PBYnJ1cEvIgmVJ5VMGmgQE5FHCxtdTJ6r7jQAgFIga%2BvFXY5ReC56iwjjQsfcBYzjBD%2BhBp1cGGX20tGrzOEPwo0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a3efac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
IP 104.26.7.145:0
GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:48 GMT
vary: Accept-Encoding
etag: W/"63610b60-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gw4MN5crUrUIFxoaZQLQhLKzRUxkTBW2AfApsN%2BdzqyPkIN3nALLPW0pZz3STZ711Od5Rx7AMCR7mOg92wk44boyJTPIe1gJ6erJxilgn75uU5j1jpXUSWb5ZIrAPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c7ada3fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/WhatsApp.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/WhatsApp.png
IP 104.26.7.145:0
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=4401
content-disposition: inline; filename="WhatsApp.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4AijBx2UambUfZ8LT8tlguC8LHVLLr68zXuNtB0y%2FZcASnG4l7F%2F6LeZQkYou4HINlNsXu%2BdIlW3axPbIb2BLWEDq%2Foa2tCcRKJhIrda6wwnxdB3OAW09W56g1pVfeJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9d7fac4-OSL
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/envelope.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/envelope.svg
IP 104.26.7.145:0
GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Tue, 01 Nov 2022 12:04:14 GMT
vary: Accept-Encoding
etag: W/"63610b3e-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2IZWc6Tq13EK5rKikQgCjDtjivw3kGy0EYfPA0479WTQE%2BmVFV8AOxNbJPBkG0ar%2Fbe33S%2BVmN4CwZyuAXuq4%2Bel%2F08TIqeBtGIlnhnyFZ%2FjtSt%2FtYps6B95Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cd6a3dfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/runtime~app.67f68.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/runtime~app.67f68.js
IP 104.26.7.145:0
GET /static/js/runtime~app.67f68.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:07 GMT
vary: Accept-Encoding
etag: W/"63610b37-6020"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soesFf7l32KmUuu18830CXjbYvxV7ps7%2B%2FOCYyWKVi17hbAGhIqNfWN9UGY%2BrMaElhfJjvTS7H5y5gnWWKY5sXr9iacwIdkB%2BBm2OPXWoY9yHmVprplIehDZviSNvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c60c65fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/swal.2ebcf.css
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/css/swal.2ebcf.css
IP 104.26.7.145:0
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 12:04:33 GMT
vary: Accept-Encoding
etag: W/"63610b51-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1019
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZKkv8esc5cI6giSyiivMDzWDWjQAQ94umsXtpneBfQl6m3AOWEeZ0wCkdazwziPndCm2MEibrUYmpXsDxfwTFqDRE5l%2BbRH1DjUyJcQ0XKUd4E2QrWD64Tgf8NhMXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c76d70fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/user/gettimezonefromutc
104.26.6.145200 OK 0 B URL HTTP/2 api.forms.app/user/gettimezonefromutc
IP 104.26.6.145:0
POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4uSTTz2gL2QmDq0Snd9o80wYla8HDoTWcI9TUAI%2F5MCkJuBNLz9OYnSK6eO4CoIr1mulTvRJ7N3RkhJx0jNAEc%2F4Ea83CzO8Hq7m2C1EelEb8ErKTr%2Bf7KmF6ARTezs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c8ee20b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-logo.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-logo.svg
IP 104.26.7.145:0
GET /assets/img/blog-logo.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Nov 2022 15:46:34 GMT
vary: Accept-Encoding
etag: W/"636d1cda-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNcRnIcbTgnWTX%2FsWxCEp1wUfRW7G0wkMKbcAJd5Z4IOZgOjt2quY9bZ95T6rjecLBAq2eMPy2%2BNTc6%2BGIwJ67RYbs4oJR6kltlmV9L09ID%2FxDvccDcTL7TrBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccc9b1fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/excel%20copy.png
104.26.7.145200 OK 0 B URL HTTP/2 file.forms.app/sitefile/excel%20copy.png
IP 104.26.7.145:0
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6706
content-disposition: inline; filename="excel%20copy.webp"
vary: Accept
cf-cache-status: HIT
age: 4216
last-modified: Thu, 10 Nov 2022 17:23:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hr%2BjYMUfBCSQ0m2ERRz9KDM8Vhbx46NoiZ1W5v%2FTDdHDLuGEe4bIyrZv2Sba5Tb4Zh6g7MBSsWPzNIRqyJuI5a3ZRvDnBtGgOfabF97lgPvGxirPfte2tm%2FXMGNEmPr9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0cce9d9fac4-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/app.526cc.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/app.526cc.js
IP 104.26.7.145:0
GET /static/js/app.526cc.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:08 GMT
vary: Accept-Encoding
etag: W/"63610b38-3f6d5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1027
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UvRxk9OyMxrXSCfHSVvDhvKR9SVq1F3RlV19H1Ljlev4g3RMIG%2BpFQWqyHH7F0wm0MYniE3Hs3co674Wxw9JhMwGBqeqEKPTwT4mJxXYAzfvExRgMphQLWp6Vc6lxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c60c5efac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.56.101200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.56.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7680e0c62b160b69-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/static/js/lang-en.a0a5b.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/lang-en.a0a5b.js
IP 104.26.7.145:0
GET /static/js/lang-en.a0a5b.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:46 GMT
vary: Accept-Encoding
etag: W/"63610b5e-fd28"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJGhBiAwTXoGkGYRJbblE%2Bokos5mPjADy5zyKQNeasVn7kFG3uqP6EPcjx5jRTHp2hxusKTBEFHqtAp7EV9N9AIIVWJxgk1PXPka2dYXG8DND8q%2F%2Fo46yospUc3j%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c6ccf6fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/swal.4f135.js
104.26.7.145200 OK 0 B URL HTTP/2 my.forms.app/static/js/swal.4f135.js
IP 104.26.7.145:0
GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/636ba97de5740e14f4400eb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:42 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 12:04:43 GMT
vary: Accept-Encoding
etag: W/"63610b5b-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1019
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHPACBQtqpM64U51e6xH5f%2Bqd65uPHX4NTL2HnIWqhj7fIJKooCcnfZxsG7XzPA6XgB8%2FHl9d6Hr35niyFF6srpxxRqEFWzO1RbGWyHj5KcD4rhwlP%2FA%2B1Y%2B9LKOKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0c76d72fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/blog-resources.svg
104.26.7.145200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-resources.svg
IP 104.26.7.145:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.846747874.1668105219; _ga_740JKHV4FZ=GS1.1.1668105218.1.0.1668105218.0.0.0; _ga=GA1.2.1915409694.1668105219; _uetsid=31aebef0612611edb81e2331518bbf3c; _uetvid=31aeeec0612611ed8f2d1db2ed3aa8ae; _gid=GA1.2.1379521898.1668105219
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 18:33:43 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Nov 2022 15:50:57 GMT
vary: Accept-Encoding
etag: W/"636d1de1-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6QQmC%2FAzlh61GqTbOMnHXHwXUgB0KblAJo4mZ5sG%2FZIb4jdzEwbFHHgbe3gp3djrfC5cvLbSC%2By7m%2B6HqCWl93%2BCsfsCRCwrBz9PUy38yJrmA1G3lVgcCOgtsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 7680e0ccd9c6fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2