Report - my.forms.app/form/609890b8001f18095ac075fc

Report Overview

Submitted URL
my.forms.app/form/609890b8001f18095ac075fc
IP
172.67.72.65
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-27 01:42:53
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	786 B	2.0 kB	142.250.74.98
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	578 B	704 B	64.233.162.155
px.ads.linkedin.com	522	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	918 B	2.3 kB	13.107.42.14
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	28 kB	157.240.200.14
bam.eu01.nr-data.net	9782	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	2.5 kB	185.221.85.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
forms.app	267784	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	103 kB	104.26.6.145
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	143.204.42.158
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	1.5 kB	142.250.74.3
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	19 kB	151.101.86.137
widget.intercom.io	2417	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	351 B	374 B	54.230.111.95
api-iam.intercom.io	2892	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	972 B	107.21.231.73
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	978 B	2.7 kB	23.36.76.226
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	354 B	20 kB	142.250.74.174
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	43 kB	34.120.237.76
certify.alexametrics.com	3704	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	868 B	550 B	54.230.111.59
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.165.41.15
api.forms.app	992980	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	940 B	1.4 kB	104.26.6.145
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	15 kB	172.64.156.26
file.forms.app	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	178 kB	104.26.6.145
www.linkedin.com	608	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	557 B	2.8 kB	13.107.42.14
js.intercomcdn.com	2440	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	718 B	111 kB	54.230.111.118
nexus-websocket-a.intercom.io	2137	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	179 B	35.174.127.31
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
bat.bing.com	387	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	14 kB	13.107.21.200
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	625 B	373 B	157.240.200.35
my.forms.app	720683	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	298 kB	104.26.7.145
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.7 kB	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.0 kB	8.4 kB	142.250.74.3
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	488 B	46 kB	142.250.74.163
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	77 kB	142.250.74.72
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	84 kB	216.58.207.237
redirect.prod.experiment.routing.cloudfront.aws.a2z.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	96 B	3.15.76.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-27	medium	my.forms.app/form/609890b8001f18095ac075fc	Phishing
2022-09-27	medium	forms.app/phishing	Phishing
2022-09-27	medium	my.forms.app/form/609890b8001f18095ac075fc	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (54)

	URL	Size	First Seen	Last Seen
	certify-js.alexametrics.com/atrk.js	4.3 kB	2023-03-07	2023-11-20
Pretty URL certify-js.alexametrics.com/atrk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2023-11-20 12:42:18 Times Seen489 Hash d89453438fbf10dcf4c13265c40d5160 02d5f4e46c94bf34e12b2d773f63f643ea2b3518 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f Loading...

	my.forms.app/static/js/vuelazyload.45220.js	21 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/vuelazyload.45220.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 12:33:24 Times Seen1 Hash c9c484adae51a52b2f5e3e08bab61d99 299f1b0fdd775e209cca550c8d6c1ca5435d8d7f 8b06f09064de32af0c1ef92560c2ad7fb47e7faa2b5e518704c399db31dc6e72 Loading...

	my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js	1.3 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash b614081809dfa41e92edc14e82a5b369 362db7dfb24a0c389751c1ccb87a5a87bdf52a12 d2561e2e4db21b516bdb596adcad376354344c7c0c1f0ba07d7ca7c7949b7eae Loading...

	my.forms.app/static/js/icons.df638.js	244 kB	2023-03-08	2023-03-11
Pretty URL my.forms.app/static/js/icons.df638.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-11 10:23:40 Times Seen1 Hash ae7fce7f56c5eb943e2bcea88a8c52c6 175b753a3e8f929f02af9f8876bffe371d832ee5 d216b722e886db746286789b9bf70002c866667227720285c6c431d0dcee4345 Loading...

	js-agent.newrelic.com/nr-spa-1216.min.js	50 kB	2023-03-07	2024-03-22
Pretty URL js-agent.newrelic.com/nr-spa-1216.min.js IP 151.101.86.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:43 Times Seen568 Hash 63e2df852d15ab21d7ff8fc4363222e8 7ee401ba652db0a4ec960350e17216cda01e22fb 545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 05:21:35 Times Seen37111524 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js	12 kB	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen22 Hash 6f22af0424d3234ea6dc2b5a74bdaa82 04f0f797d5e3448c26ea500414659faf16fd1c6d 5fd7d8552884d1c3bd766bd941ad0aacb74b1c1cf019dcec8b27d0fb9ad51519 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormView.ac83c.js	8.5 kB	2023-03-08	2023-03-11
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormView.ac83c.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-11 11:08:50 Times Seen1 Hash 668446659beba5437f38bf20d5b80545 22d1675160ab406df4e7f0e43097aacb92546395 43f90b4952210cdea19358558f2f5149c6eb5da9fa9fcfb5da688c7537a85d08 Loading...

	my.forms.app/static/js/mainheader.5f29b.js	8.6 kB	2023-03-08	2023-03-08
Pretty URL my.forms.app/static/js/mainheader.5f29b.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-08 07:09:28 Times Seen1 Hash 139fe249c36d3da6be4a30cecd810fad 79ba9b2d3fb9716172e5f357f9d8ad6985d560b1 640e430e4b740c48219934fefa038e8ea9d59f77c0b288d2d1be88a15a7e3663 Loading...

	forms.app/phishing	1.3 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash e4a57cf3dcfc03499d046adb27f828a3 6072256332013e10d514db05bade986e635cd042 5d7a478ffea3e08753c6c7788d0acd6c0acd34133c132fe3e69502415ae1b469 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-01-06
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:05:31 Last Seen2024-01-06 17:39:53 Times Seen66 Hash 99ba52a15d2da967b023016d1af58cbd 5c2246049c43834d17113877b4731bd4f9803d55 9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f Loading...

	my.forms.app/static/js/runtime~app.bb81e.js	24 kB	2023-03-08	2023-03-08
Pretty URL my.forms.app/static/js/runtime~app.bb81e.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:08:46 Last Seen2023-03-08 02:08:46 Times Seen1 Hash 5fa9c30328e7b9d073caeff18506ed9e cffdd296f9fb50fa4180d405b0142c33fe434bb5 800c4305bd8dcf4f47e3c84ca944c3dcaaf49589dba668e5c12327e7ddadffea Loading...

	my.forms.app/static/js/lang-en.bdd06.js	64 kB	2023-03-08	2023-03-08
Pretty URL my.forms.app/static/js/lang-en.bdd06.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-08 07:09:28 Times Seen1 Hash 9295a11ff3f246504a6e3659b23c3aa7 ea21fbefea60ff76f9761a11db861a3120297359 90c47e197a7361d4952ef40eb00b91fe7bfe0e52c1b80a77cc7433ca1ffeb017 Loading...

	forms.app/phishing	436 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 665c57f5b41614992796551d522b3688 acdca375f7132388872746598b383ad619612d62 9a09ac97cc0be90e25f6f7b104ac666b076a08b62fba0a30dabf6c78209a9040 Loading...

	widget.intercom.io/widget/tt7hkkgs	19 kB	2023-03-08	2023-03-08
Pretty URL widget.intercom.io/widget/tt7hkkgs IP 54.230.111.95 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:55:16 Last Seen2023-03-08 02:17:03 Times Seen1 Hash 316c4a9f455a8ae4adcf3a11c423830e a8e789aba2f19211bf818d2fcdfa9690a828f161 1136ad7ce95ffc8c50e9d9bd5b7fdb2c3c140263906ee6a615bcf1fd739ec758 Loading...

	my.forms.app/static/js/country-en.83d29.js	4.1 kB	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/country-en.83d29.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen35 Hash 940a407acc8939a4a5c1aee6c21b5054 2826a10137a69cdb9c0cbf90472785bbd32c9a6a adb51afb83492ea39672c5c0aa8a9f7a2f4f0c150e174adaad345ef42ecfe6b8 Loading...

	my.forms.app/static/js/vuegtm.3359a.js	10 kB	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/vuegtm.3359a.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen50 Hash 878db373bf77c263c9222dcde6a8015a e9b695528553768cec0ca6e81670b8ccfc55877f b8aed900cfea3a399c5b1477ac8b584e59b4c5c07d36dff1c3e16ea07bba6d93 Loading...

	my.forms.app/static/js/isvg.cd861.js	32 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/isvg.cd861.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 7147d1eef8329de02e4b1e1d52123a53 c2f709cf0e7283031149e628daefaba4749cd34b 1d3681118a66d11b6c9ccc2385d7a8b274179c9f61fbc4fe30c24be73d64a734 Loading...

	forms.app/assets/js/lazysizes.min.12809749.js	7.2 kB	2023-03-07	2023-03-17
Pretty URL forms.app/assets/js/lazysizes.min.12809749.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 128097497a5265b951d07bc4445072a8 da37014b95172ee145c7a5478f9861857d33cc5e 97185e25db9b6885bd39695f105c5dbf9736f51d7201059cdcc90399dfa79868 Loading...

	accounts.google.com/gsi/client	190 kB	2023-03-07	2023-03-08
Pretty URL accounts.google.com/gsi/client IP 216.58.207.237 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:06:06 Last Seen2023-03-08 03:09:25 Times Seen1 Hash 53978a2a7e73570ea54f8e7981f47f6c 2107782cb46f01975a752d1c1f014808bb8e6c59 a5891dca8e51dc0d00858e4459b2f9ed59957f46edc7a15e165111ec61c0c416 Loading...

	bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken	49 B	2023-03-07	2023-05-22
Pretty URL bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken IP 185.221.85.3 ASN #206998 New Relic International Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:29 Last Seen2023-05-22 08:03:01 Times Seen332 Hash f34efd1229ae6c1fec6c67f7fa8e20f9 477f40b6d9cb8a306b0aca97462caef4ab26cb6f a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WPSL383	220 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WPSL383 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:08:46 Last Seen2023-03-08 02:08:46 Times Seen1 Hash f577f6c09a36bf86f9c2b71640070da2 e6ded0f1dc24d721990eb17e4ef88a42f750af7c de2e9fce9c2d0ff4510729cbd71eb2d9eb5636fc30427fe47cb5bf2e4dbd8c09 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.d4928.js	55 kB	2023-03-08	2023-03-11
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.d4928.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-11 11:08:50 Times Seen1 Hash 040047f864c55993f66d08dd5bfb09cc 2cacf5ead7b830ea4867cac6c6e39e57ab4f2309 59e42c6d1fe790159f7bb0bff19d0dacbeec6dd0c0ccf0f0b7aedc3ade85281e Loading...

	forms.app/phishing	59 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 36224baaac8e5a8ad6e3acee73c3262f 4ab1ae97f54a38da522273a5293d297a24f78550 585e54e20f705f059220642e77577aa0de9b7b0ab505c8000fed29d02460c992 Loading...

	forms.app/phishing	375 B	2023-03-07	2024-01-22
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-01-22 14:10:06 Times Seen10 Hash fb1287fd70883e651f085686002c9ca8 0359f31e27dcda183ae6623ab679aead74f2a867 e55c57249936358e468a9dd77446797fac1ac6b9308933b49a30840b011d1509 Loading...

	my.forms.app/form/609890b8001f18095ac075fc	31 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/form/609890b8001f18095ac075fc IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:23 Times Seen1 Hash 9c3ac40ba1ac193af7d39a1238f73f1d 2737fc7f5e4b24ebe140b86bfb1b22ec70448dd4 bb9f7c291f9c4a26471fe9a5ff68819cf1abeb047007890fab6662766d81a866 Loading...

	my.forms.app/static/js/vendor.523c4.js	387 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/vendor.523c4.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 59d7c686728e93ec4f5ae61c4dcc17eb 4e60cecd36abd46bedcd79d4df8bb11e2fa0c42d dcce901b5fdac9ba359b758a143b02d0b5860056b3ce0a78cd3d32d68428ebb0 Loading...

	my.forms.app/static/js/swal.4f135.js	75 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/swal.4f135.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:23 Times Seen1 Hash 1df6bb2224bc056f33b806cdbce97290 a47d85f6f99fd361a5c66d243fd5642f985be410 9d76d7c224be9260fae97ccfcf886a210f5da6ba7a082afd28b8a50de5760ce0 Loading...

	www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c	224 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:08:46 Last Seen2023-03-08 02:08:46 Times Seen1 Hash 5bc5088a32843f72f24f706554b14da5 4cd6266995262bd3a2c46ccc6a6a2beddb3e27e4 61f08d6a37b69364618ca4282cbd0fec980df8c0d94da2d2e351e684c2a6f0bb Loading...

	forms.app/phishing	32 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 272c2fe878c19fadf6978a4d68ef4e48 f8ead41a72e19f11ea1adda884fc3bb0448b9b8a be9123e3b842f356cbce35b0c6e625ad71a907a90c61b08411722924884f5595 Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-08	2023-11-10
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:45:46 Last Seen2023-11-10 23:06:10 Times Seen10 Hash d78a7caef2779bec7d3e91de3eb77eeb 5af31c112f3bcd8f2866d4bf89e8455438b1e382 00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674 Loading...

	my.forms.app/static/js/asyncstyles.7792f.js	267 B	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/asyncstyles.7792f.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen40 Hash e9ab4946cf2a453adb928ba6eaf58699 1280272fc2b80ed3d22e058bd2007b46860f900a 624c98a4aae29a8b19af5a99ce8683003dad8f99ae42d2dbe7b8305930ddbc81 Loading...

	forms.app/phishing	4.5 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 054ec8d7a13b71c39845ceea6121f5d3 07e4c8843463aab30ea369d665d8b37bdec32ec3 1ae5cfac6209392a976bb05a374b8fa60f6110d082a0c9f0c506775245e1dd4e Loading...

	my.forms.app/form/609890b8001f18095ac075fc	382 B	2023-03-07	2024-02-04
Pretty URL my.forms.app/form/609890b8001f18095ac075fc IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-02-04 09:27:17 Times Seen24 Hash e72e4c3e46ae36de3f9b8097d7853cc8 5eda9fa6a697b768dacdebd64dd1bc8f54c0d7c8 65a37e7ef209e27df98273622b84fe04ba8e2b872820b224901b228e1aa6ae20 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js	276 B	2023-03-07	2023-07-20
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-07-20 21:16:25 Times Seen10 Hash 60e1826dac4552933348dbc6f2195248 88464c417eddf576a5e50cfa81c23d295c10ad3b f7db3ba8fc51915040e02f20c1ebced4f77c326dde94c5918c04fd6fee821753 Loading...

	forms.app/phishing	181 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 10:31:08 Times Seen1 Hash a3766b9d610fe82e4c33b6ce8a414143 4409220371df125aab61cd1471b891879005f76a 9553606b9ba72442d77e6e250f65ce49a0300b9076ac88460d76845ba18497f1 Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	7.8 kB	2023-03-07	2024-01-14
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-01-14 12:48:17 Times Seen22 Hash 93e8a332e6a6de807c6ef9fdac9689ae 68a0ccb463d6abb247149a50e0a90ff32dd98ad0 b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1 Loading...

	forms.app/phishing	371 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 8ccc21d15ac434591ac9cb2a820884f7 cc3df88ee3bdf6a18e5ef458f58e44abf77ebe6a 437f6268f19cee01c28b07b9f24acd2959c59af2fbfea4cf28969fc81ce00044 Loading...

	forms.app/assets/js/login.fb59ba75.js	6.8 kB	2023-03-07	2023-03-17
Pretty URL forms.app/assets/js/login.fb59ba75.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash fb59ba7597dcd98d717c8c657a4ada34 7ee097229df4c61da22b1b0c6dc3a1924a0d2de7 f604065e360fa22332cac11edf4948e1de95987a7d55f288c2f1e0ff692ec14a Loading...

	connect.facebook.net/signals/config/175163836725648?v=2.9.84&r=stable	300 kB	2023-03-08	2023-03-08
Pretty URL connect.facebook.net/signals/config/175163836725648?v=2.9.84&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:08:46 Last Seen2023-03-08 02:08:46 Times Seen1 Hash f725cd1e394a7f784b9386acd72c1d49 b291cf42a7da11cc4014918a93f00d83bf15a49b 2cffadc4fc7f014f7fed30189d9f61f614ce265da448cc22743701ee8d565d2a Loading...

	my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js	2.7 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash b8ed79dad68dce90610b507401c9f468 894d7e9b1e0b2c6ecd5d2258054e2785e52986bf 40a9ce4f3b40d4574f33406995c9ffe7861b4cbf248df1c3c146d47ef679c16b Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:28:40 Last Seen2023-03-17 12:55:48 Times Seen1 Hash cedb242a337140e0dedb365b50a20508 cf2420a336b9405dfc7d236ec57873fe3ef0f726 5a39699f592d82029c73d15d80e407d51367dd5cf2d49172c9ad4aa8176ce67b Loading...

	bat.bing.com/bat.js	39 kB	2023-03-07	2023-08-25
Pretty URL bat.bing.com/bat.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2023-08-25 07:33:07 Times Seen42 Hash 16911c194f6e9313655f07c4eb9d8737 d39ccfa8c6d785af331afafe9e36336031f41b64 30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7 Loading...

	js.intercomcdn.com/frame.fb946af9.js	491 kB	2023-03-08	2023-03-08
Pretty URL js.intercomcdn.com/frame.fb946af9.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:08:46 Last Seen2023-03-08 02:08:46 Times Seen1 Hash 0a1fb874a5d92959c96f8daf1c279733 25ff92a8e0493f22a92e2648b1c4eeb319074a9d 9c796f66c9405682b846fec36c43d9398fd619b716c1f68a647616e003b57901 Loading...

	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-26
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 172.64.156.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 05:43:44 Times Seen1638 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	my.forms.app/static/js/FormView.2d11d.js	42 kB	2023-03-08	2023-03-08
Pretty URL my.forms.app/static/js/FormView.2d11d.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-08 02:08:46 Times Seen1 Hash dd93eb9c1f92bbb97165f7fc3fc3ae9f 140b1ccea6a9da054d6ec2fdf9647aa026eee255 dee0b030acd2126e7d05deafa508b17abff96b9eb7d6d13d543dc087fea9a1fb Loading...

	my.forms.app/static/js/iicon.59ea2.js	14 kB	2023-03-08	2023-03-11
Pretty URL my.forms.app/static/js/iicon.59ea2.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:17:40 Last Seen2023-03-11 10:23:39 Times Seen1 Hash bdf861a2d2ef2c86c3aa8ca3ad274e9f 61bfe3a01bfa51d8af1fdc5afc7c5fa0bbea97a5 06e437bbd67451d1a08aad211c2655f76760bddee13c89bb1e5ab1ac8bb3cf4a Loading...

	forms.app/phishing	311 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash ddaa30d51ee0f71c4968d3d67813b627 e637234a9d563c6d63625c9c15d30a9caaa62678 c83a831e4bea5290e196109a115452431af6120e4c1ba1dce989d489861d19b9 Loading...

	my.forms.app/static/js/dcomponents.15d95.js	10 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/dcomponents.15d95.js IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 569fbdf6935544c3d3a1784eb4592c55 a3b077edfefeda6c8f79ba3391c0a53d1f670da3 f560c445d21dbce15e9795fb6f878e5ca8396c3af72661d0f1b909cfea3b4256 Loading...

	www.google-analytics.com/plugins/ua/linkid.js	1.6 kB	2023-03-07	2024-04-27
Pretty URL www.google-analytics.com/plugins/ua/linkid.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-27 02:03:51 Times Seen1976 Hash 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:08:46 Last Seen2023-03-08 02:08:46 Times Seen1 Hash c02b1724bd27843645aa34f68e43f7ad be26a9fe2deab2967915696974f2fa62e5e0054b 5c5661fa46790ad5ad9081ed3c74091116f42f0bdc260e9b5f462897be7e133a Loading...

	my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js	2.8 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash e85556c6d5667d1025d90d9ad68fddc2 fdbdd5dd08f53604861a99e01aebadab88e5b688 cb18595c1ff13181511c2dedd1a8d8944f70553778ae40d1071a64fa439eec1d Loading...

	my.forms.app/form/609890b8001f18095ac075fc	529 B	2023-03-07	2024-02-04
Pretty URL my.forms.app/form/609890b8001f18095ac075fc IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2024-02-04 09:27:17 Times Seen39 Hash b30e00db2b80d2fe812f8382a458c3fc 662bbe42b084b61225e0989dad839d6530d040e4 19a08fd38afae664a55ac38b648f59ed010be51d933272bc951f94f2934963e5 Loading...

		Size	First Seen	Last Seen
	#1 Write - fe364450e1391215f596d043488f989f	15 B	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:02:47 Last Seen2024-04-27 00:11:30 Times Seen14336 Hash fe364450e1391215f596d043488f989f d1848aa7b5cfd853609db178070771ad67d351e9 c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e Loading...

HTTP Transactions (121)

URL IP Response Size

my.forms.app/form/609890b8001f18095ac075fc

104.26.7.145

301 Moved Permanently

0 B

URL HTTP/1.1
my.forms.app/form/609890b8001f18095ac075fc
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /form/609890b8001f18095ac075fc HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 01:42:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 27 Sep 2022 02:42:41 GMT
Location: https://my.forms.app/form/609890b8001f18095ac075fc
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kU05uO5klgNN46QVDnjDn5mhhgcaQl0x9rF4YDJlua2XNF%2B1Eftd5ItBkjKHJt%2FzNBfgQ0LmAhHe%2FpGLFhb58dMC0H1vqv80BzeFL%2FmBvCiNFBzG7qEd7nMS4sfl4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75108b506986b529-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 01:03:16 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DfJ6Qh1KjZ3kR4PubGWE1MIYjHd5Pf7I9v5QWpxG5-oA5YBNeGeRzA==
Age: 2366

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8723
Expires: Tue, 27 Sep 2022 04:08:05 GMT
Date: Tue, 27 Sep 2022 01:42:42 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HXKu1JVGnrcWYFx8O2Wi4NYi5t7ML7zg2S-cFCs7pEXrjCFHCBo73A==
age: 76047
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2f54a490a37d7e8e711dab231a8bcad0
839ff2b83e83252a4c0156f14b5119de0bf7e935
345ac758b4c73981d52b8a3c4be4f74f799d39c8493b28de378ff2114dcd7202

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:42 GMT
Server: ECS (amb/6BAE)
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 27 Sep 2022 01:10:46 GMT
Expires: Tue, 27 Sep 2022 01:47:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Hy2PQFi5Fgu0PgqcNEm2DMKtgladQthph3jo5zrNgmTwl_ZYhVFXCQ==
Age: 1916

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/css/dcomponents.77be9.css

104.26.6.145

200 OK

2.0 kB

URL HTTP/2
my.forms.app/static/css/dcomponents.77be9.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6851), with no line terminators
Size
2.0 kB (1987 bytes)
Hash
4803b40f3c42dbecf937d4d0a40e0e83
7ec6c92683224abecd463687ae6938d4d89003f5
de7aa6dd515ab219251c1a15210098cef68b6302ed0d583f6b6e4dfd49696bfc

HTTP Headers

GET /static/css/dcomponents.77be9.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:06:01 GMT
vary: Accept-Encoding
etag: W/"63316b79-1ac3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tePQW0hb2c30vRjLoFQVybKrV7DnzfGlupsY6nWqtZi2Id%2FnhqWOmsCHRpMx1EiCXpuOIDto2jIqhUvm%2FpjZ145KiHBcuf5NnKTx0Vz0st4q6RN%2FZY%2FFvNg%2FCsT%2BtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db82b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-WPSL383

142.250.74.72

200 OK

76 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (15501)
Size
76 kB (76151 bytes)
Hash
42971e225d31694301c252d719d01f8b
95df65d243f4b0436743c06f510610f137f82464
9a148c5f93a8f98b3ba231126c16a334bffd25dea6e171dea79be49c67499802

HTTP Headers

GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 01:42:43 GMT
expires: Tue, 27 Sep 2022 01:42:43 GMT
cache-control: private, max-age=900
last-modified: Tue, 27 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76151
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css

104.26.6.145

200 OK

3.9 kB

URL HTTP/2
my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (17155), with no line terminators
Size
3.9 kB (3876 bytes)
Hash
71608067cae98a8643c2b468c568b900
beeae304f30f1ed28fa12a3e827bb4295a4b4cc6
765d19a0170fe41ebc5ee64b9ed92f74a555367c44e75ce02a995f8825f4fe64

HTTP Headers

GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:28 GMT
vary: Accept-Encoding
etag: W/"63316b58-4303"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQkv1f4LMApj3o4mMPNWquWwlnlo2blHRaG%2B8k9ZLUbhCOkZt6PTnYIrlJ%2FxtA4tACQPZkOxd0IolqI5FADPiNsgKdgrxVnmKzgu%2FhhL2yOFo%2BJjkfuyX%2Bof4T5XBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b573c13b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/swal.2ebcf.css

104.26.6.145

200 OK

19 kB

URL HTTP/2
my.forms.app/static/css/swal.2ebcf.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (24334), with no line terminators
Size
19 kB (18645 bytes)
Hash
ae949dcd74d66d2c924a3751938ca894
bfa718fbcd6bdcabd03cbf41ced358c61a99edfd
e876d2c898fdebf9841973cc5442385be17633b06c27c7e239f8f7ee2c936424

HTTP Headers

GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:20 GMT
vary: Accept-Encoding
etag: W/"63316b50-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDX4y9o55dIhXrr%2BzLwb6xvn%2BNNHYIHWJJpp0dZaAI7YL6YMK1%2FvTeUn5v%2FwcvoCyXJvb9CsyoC%2F7kOuaIDsx6%2Fdm0v6px1YS1yIg5G3yYqyNUr32RvFQ6bVRg2UVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b571c04b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.165.41.15

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.165.41.15:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KpPPArsjXVhuUAhcRzJLTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TE1EovBKL7WO35WKzcWNkTWDLTk=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/js/FormBuilder~FormDesign~FormView.ac83c.js

104.26.6.145

200 OK

65 kB

URL HTTP/2
my.forms.app/static/js/FormBuilder~FormDesign~FormView.ac83c.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (8506), with no line terminators
Size
65 kB (64842 bytes)
Hash
38fb04e9bfcba1ea22c989e0a7a450f8
def0446ed450ea0bd67b18c18616dace1c4b0847
8e963084dfc1b1016a0af4bc280a3047fab40eaf8f9eaeafa3a7d5bdc84ec994

HTTP Headers

GET /static/js/FormBuilder~FormDesign~FormView.ac83c.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:29 GMT
vary: Accept-Encoding
etag: W/"63316b59-213a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1l6voO97DMTmtHtW%2BjDE%2FJYhVifI%2BdlNkMoY34cLERnda8SBi%2F8af264o6GPO%2B0fF5TqW5cZKKxvcx%2FAaBsoWER7OHe%2BrRuzIxFnCdxnPlNTMJeRbBMZhsqjCesESg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b574c16b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js

104.26.6.145

200 OK

900 B

URL HTTP/2
my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2713), with no line terminators
Size
900 B (900 bytes)
Hash
f36dfec5c39f6e3f7fcb3e6f3ae8c8bb
b8a265b7c8cd52f4522639d3ea96a4efffaa57b2
86ca94f04c4eb330bd9756b1aa9ed8abc8f41a0669e11860c1f896d14c1bb69b

HTTP Headers

GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:58 GMT
vary: Accept-Encoding
etag: W/"63316b76-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDAobzjWOJpefJpy7ldZDZv2lJDRoA2NTg8EmcFnE2N8nyP%2F%2Ff0IPzqDAQi5IoFRytbDmrrv4DJRU%2FQuyPFQorVKAaRaM9JstP5mFuJ%2FCLDXg0oZWRcTh68PTU3I2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b573c15b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 200478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.forms.app/form/609890b8001f18095ac075fc/view

104.26.6.145

204 No Content

0 B

URL HTTP/2
api.forms.app/form/609890b8001f18095ac075fc/view
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /form/609890b8001f18095ac075fc/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 204 No Content
date: Tue, 27 Sep 2022 01:42:43 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tkhWBhndwZPxgFYSRcvdz2FU3yuaSkrN2fq80Zl37dhdDDSzHDtv591qZL7oXa7%2F9k6%2FQFL5rmOkWWsDJWYKr%2BZq5h99E50QgX8vsCiHsgxeUMw%2BKcJMTn25tnxxtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b58aea0b512-OSL
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

172.64.156.26

200 OK

14 kB

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
172.64.156.26:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
14 kB (14462 bytes)
Hash
f93ab53940d858c596fe8c02c6410359
b5bfa6a8da42fdb4660d7ae08666dc0ec7d5cb38
c8e05334eba3848e996bcb0e4e72fb75e5024a21213d58e9581b4cbde9a7abc5

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75108b55fc530b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1137
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Last-Modified: Tue, 27 Sep 2022 01:23:46 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/img/form-disable.png

104.26.6.145

200 OK

9.9 kB

URL HTTP/2
my.forms.app/static/img/form-disable.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data
Size
9.9 kB (9896 bytes)
Hash
284c5d4bb722101d9ce5f925f5c0b9e7
c610bce010897692b228623b36a8da6e78ade7f5
d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650

HTTP Headers

GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/png
content-length: 9896
last-modified: Mon, 26 Sep 2022 09:06:01 GMT
etag: "63316b79-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGOOfphlQ%2Bc0dlm1ghsXOeRWBe5qW9l7MuB1W3C2OhriTMuEue3J9COy85rYiuS0eAwV3laWvx6ENTbl%2FkBoeRZhw0HEhhm2XBFFnjYVkadIsfeOcAEgR8EnjpTcgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a7ddab505-OSL
X-Firefox-Spdy: h2

my.forms.app/static/js/vendor.523c4.js

104.26.6.145

200 OK

176 kB

URL HTTP/2
my.forms.app/static/js/vendor.523c4.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (23129)
Size
176 kB (176137 bytes)
Hash
45f4983440aabe05e4bbf29f8c6cc5f9
900c3ece6b0b9908b11b7e2990a14625cb524806
65944eb95952599eff182607ff25bb270f0a8b857868877cebee2479afa10d76

HTTP Headers

GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:40 GMT
vary: Accept-Encoding
etag: W/"63316b64-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dneZ0jUljwVDOeP5ze2nNdbM6Vd5q5RqQTu8ynPjqH3pESJVU65xt8mbvUZjyIesB3jR8NdmMV%2BakkHqD8C6JboC2zkf4b%2BnzHhP21c1y5lRfwUhU28Ima3zXhNdhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db89b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/formsapp-logo-white.png

104.26.6.145

200 OK

6.0 kB

URL HTTP/2
forms.app/assets/img/formsapp-logo-white.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 372 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
6.0 kB (5999 bytes)
Hash
6ee2889a7dfce7a672edbdf7d6738417
104995abea6706eb66f18e2f044ab42f72f05340
af3b27797947e7ac9d456686cb71e31469c7b4df60ae88ae62f2b55584a3f7da

HTTP Headers

GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/png
content-length: 5999
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
etag: "632d9889-176f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuvEuRqSQMkUzFoV5X0nVmLI37JID%2FJRcpRT7G4JkG554pHa%2FPEbF38UNPgrz61o0F46FjfwIhl2LRJzi1EiuxFZyVzmFuYdcbGtwtbU1KnBvsJJHXGIJiVCdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c0e7db505-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/form-builder-blank.png

104.26.6.145

200 OK

149 B

URL HTTP/2
forms.app/assets/img/form-builder-blank.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
149 B (149 bytes)
Hash
eab6bf754eb6a790cc1240262c1c3a29
9ea4eaac5215410d39dadda7a62e8b287975521a
d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12

HTTP Headers

GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-length: 149
last-modified: Fri, 23 Sep 2022 11:30:53 GMT
etag: "632d98ed-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KptdGUCuCCmXa1KjnXFLwICikpeB4LF06kCWNd3GgnHIEtlLVd95oacKKsQ6VjOUVsvtPPOtWXYQNNhOSUVy1g%2FPOxwvq5VHLPq7Zj8PpQay2MWMg0RSS4JqvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e99b505-OSL
X-Firefox-Spdy: h2

file.forms.app/sitefile/airtable.png

104.26.6.145

200 OK

7.9 kB

URL HTTP/2
file.forms.app/sitefile/airtable.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
7.9 kB (7872 bytes)
Hash
19a7c2326b69967597ddb56daf8193cd
b776238182c40619a030193004ed72a5cfb353f0
2717fab977ab9f4874181cdc47f0288934a86b0bca62101cff17d230ad85b421

HTTP Headers

GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efHL%2FUO%2BAgcN7a7VjzMV3WB%2FuxhLuhXT%2FMH4DEKOzAhhDbqDyU5l4hdkRTHZa0GCo%2FxiSrooamaWyZ2nNKHzluj8G%2BMquF4n2w2lSHlZ7BI%2F5z3lBGBJLM9%2FicuN4G9I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e95b505-OSL
X-Firefox-Spdy: h2

forms.app/assets/iconfont/iconfont.woff

104.26.6.145

200 OK

18 kB

URL HTTP/2
forms.app/assets/iconfont/iconfont.woff
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 18416, version 1.0\012- data
Size
18 kB (18416 bytes)
Hash
64f7aa12b6b4451be569df62604435a5
45ce2923a9a7c71988b1528c07379233bae693dc
552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42

HTTP Headers

GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
etag: "632d9889-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lg4imIKy5NUA%2B57%2F0o7XqG0%2Bx62MEOqlodrRSgC58Us6BN9%2F1v9uzi7sV%2F%2F3B1OTooMhcf5HAPGPOuhcHoD4y6o4%2FHUcpSe%2FXs173E7wuapHGIiIsjxaEwlDdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c7eb8b505-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/logo-home.svg

104.26.6.145

200 OK

8.9 kB

URL HTTP/2
forms.app/assets/img/logo-home.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
8.9 kB (8870 bytes)
Hash
0a5ffc1eac29a89d577e9798793e3cef
faf85bc1131657a542591211ceebc06e71e5d8f0
45b3d1d6b4f8116c81f9843241070adf0e4467e56fecfa153f2b9fbb81ccba94

HTTP Headers

GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
vary: Accept-Encoding
etag: W/"632d991d-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8hoSlZOpEWaKyMxVr%2BhEYXw70SdHnmsB1FEtG1gDgv5E%2BUejgrWZVC14liQ3WVmLzVB%2Bix6%2BUa3VcV0fXb4DEE5eKRYp1bUI8w8Y7g3DpkDOfAwI8IuIG740w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c0e7eb505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/templates-resources.svg

104.26.6.145

200 OK

16 kB

URL HTTP/2
forms.app/assets/img/templates-resources.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (690)
Size
16 kB (16058 bytes)
Hash
c0fc51f588e13af4948f5f7502b3c974
9c8bb2e2b02d341bacb9f49de8656e44d7c11396
e66c30e937b6f24e9205f11c0bbaa875b0f8fbf1c4e42051e13d6f720757f7ae

HTTP Headers

GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:30:03 GMT
vary: Accept-Encoding
etag: W/"632d98bb-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKOnzZWqcAZNephPEHv2iwwu24YaiB%2Fm0jhDQx%2FbXt%2BNU4NgUNRFmiorDqo4SB5E7%2FV7oym0QcfQLKGOHjqDezaAsVbw%2Br%2BfbDSOEKUpOAxQDItPF4kFr2rJww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e98b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/help-resources.svg

104.26.6.145

200 OK

4.6 kB

URL HTTP/2
forms.app/assets/img/help-resources.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (757)
Size
4.6 kB (4635 bytes)
Hash
feccdecc8e7cb73f8ad5835ae26f7f62
9553e5ba32d1a01400b390b7a8a665e6c0f3cf33
8adb2c7801b4d1cec663f8aabd3a9761fc57dff238414babe31a8e46d81ee481

HTTP Headers

GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
vary: Accept-Encoding
etag: W/"632d9889-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtWIPf%2BqDI2m3sVUIO%2BtG6ZnflEWjvewxuRcRh4S3281g1TOgSN6IxGXIJQvO0mn1gnHbnHnvwK12yGq1gx1pZkOaWeyK4yZ4wkI8gAEGnaVsCSj7EDuJYa7RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e97b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/wordpress.png

104.26.6.145

200 OK

18 kB

URL HTTP/2
file.forms.app/sitefile/wordpress.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17653 bytes)
Hash
db3305932968c56bb4944ba5f0ddcc7d
0ef08070ec13482db9e1e72cb0b0b87f46bc72ab
ed84ebce2850ed53ccdf60823c97d9956900c5ccaa1ee4c9a08309dc173610d9

HTTP Headers

GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S8drkBdxjwxLIx%2BpgfuCiL0IKtZOUCwrx9uoFq3s4HgDMQmXZPmh7%2BE0IYpEhQ50oO6OngeE1iJe3jt7y0VIYqvv%2Fr2AuAmHV019XUrncv4qX1bt5Yf6cQpOYkXI37AF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e92b505-OSL
X-Firefox-Spdy: h2

bat.bing.com/bat.js

13.107.21.200

200 OK

11 kB

URL HTTP/2
bat.bing.com/bat.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size
11 kB (11367 bytes)
Hash
293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=2CA4018274CB63CD134213AE753E62D1; domain=.bing.com; expires=Sun, 22-Oct-2023 01:42:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FB7701F5E73840F0BE49BF857B381CD2 Ref B: OSL30EDGE0521 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
17b745b5d3e387127df4aba170081743
e59dc2fcbab312428ac919358c3f8afe301e723b
94b6219f1fdabe19021204226c005ab3f82f148cbfabd240a999f18267895bdb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (19826 bytes)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Tue, 27 Sep 2022 00:41:09 GMT
expires: Tue, 27 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 3695
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

connect.facebook.net/en_US/fbevents.js

157.240.200.14

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (26840 bytes)
Hash
e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: ICUGTYZjbRlJKEbOSRVm2S99LVpk4i1BEL8BiO/0xHGy9jCe7qRzBZfKgfrEkd/Txy59LBxWiG/Qs6i79LeJ0Q==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Tue, 27 Sep 2022 01:42:44 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1138
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Last-Modified: Tue, 27 Sep 2022 01:23:46 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

forms.app/static/icons/apple-touch-icon.png?v=1

104.26.6.145

200 OK

5.7 kB

URL HTTP/2
forms.app/static/icons/apple-touch-icon.png?v=1
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.7 kB (5681 bytes)
Hash
c43b1e0fe485cb53c3fd9330372b51c3
a0901719a49fee671cffea18381c0eb187a66f88
e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000

HTTP Headers

GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 26 Sep 2022 09:06:07 GMT
etag: "63316b7f-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ht9qCyoScDXRsqb2oyfxS2VC9PfFDmN8VuoIkfK7NVt20RV0ulc8DOxbjAc0b3bAreqszEnQFfniC17%2BXSjgj%2FVgBS%2FuzEEJm8L6Cxm52oFRQaEoEwUyl3L7NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5f2fb8b505-OSL
X-Firefox-Spdy: h2

forms.app/static/icons/favicon-16x16.png?v=1

104.26.6.145

200 OK

916 B

URL HTTP/2
forms.app/static/icons/favicon-16x16.png?v=1
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
916 B (916 bytes)
Hash
7b4d7d6e0968fe900568920543a5876e
c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6

HTTP Headers

GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 26 Sep 2022 09:05:26 GMT
etag: "63316b56-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOy9tRPyezA9NeZachIZCXYBXFF5dR2mHjteq12u5jipkwzXoWAhh0v%2FFvfQQ38f%2FH9763ZOYvJhHTBNj2RL2CiE7xTUErJLoCFTDaBNIsxD2rxtOcxbbuPsmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5f2fb9b505-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2413
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Tue, 27 Sep 2022 01:42:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2413
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Tue, 27 Sep 2022 01:42:44 GMT
Connection: keep-alive

file.forms.app/sitefile/slack.png

104.26.6.145

200 OK

6.9 kB

URL HTTP/2
file.forms.app/sitefile/slack.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6905 bytes)
Hash
447eaa088a2dadb4aad0b1baa5d1acc1
9a5828f42e905a0a894ffec38ff616bab8bdbdc1
5492166bb2d0997a6f8fcd3341b6b89dd2fcd1f9e9d7eea26d2aaf9c506376e6

HTTP Headers

GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= slack.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nY2%2BLm2q%2BmHv9mVTv9YMNR2E%2BWIMDKfQTwipKCkdj0Yq0P5toCs0iK3555K%2F5JhwkLlUyLOsXz3p4NMmjIWTb%2FI%2FUtB%2BSPPYNMo1GteL3SQnAzG6JUxmiAJmHFvOHfEV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e86b505-OSL
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9163 bytes)
Hash
deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 14617
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accounts.google.com/gsi/client

216.58.207.237

200 OK

82 kB

URL HTTP/2
accounts.google.com/gsi/client
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
data
Size
82 kB (82335 bytes)
Hash
6c470aed687927ed4c4098f25902c626
d13f7faac02125b077c7d5c0e601658d7fb2d8bb
bc9295a8ed35911cf41a6ee78eaf87a4486387aa136564817ba549c1c87c394a

HTTP Headers

GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Tue, 27 Sep 2022 01:42:44 GMT
date: Tue, 27 Sep 2022 01:42:44 GMT
cache-control: private, max-age=1800
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-_eYLhPONofowIQyfhm9isA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fda34e4-86f9-4fb4-94af-575d6201fccb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5383 bytes)
Hash
e6c9691e104001fe54d3c6273b7b8596
481ec2135ca0a96484c36cced30776c871aedf8f
f9e5e087d8b6e9b357c9f93b00c5919d89d90ac9b48d2dcd1ac72bf775a5cf49

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fda34e4-86f9-4fb4-94af-575d6201fccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5383
x-amzn-requestid: d7b677b7-25f9-4197-a664-ec68b0dfedfe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y8ydSEuLoAMF6PA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e9788-7b57acc9288de40d252766a5;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 05:37:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: iTzA2XJ0QFByhrYBer4ULW96ZdCeXhceaxWEAvznURvaZadKQniVRg==
via: 1.1 0da9bec11a1bde5ca7f71b28194afd5a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 23:29:31 GMT
age: 7993
etag: "481ec2135ca0a96484c36cced30776c871aedf8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7455 bytes)
Hash
5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 2157
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7716 bytes)
Hash
8ef8d9284ebd57a7cf76ceb762291356
2b53c4f836970501a682dae07235215c487d35cc
3529ab97ab2214ee9c67ee234beac96cd40f0bd6092b92b71c60956ed5710b41

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7716
x-amzn-requestid: 1cf0b1c7-4611-40bf-b72a-412ebd03ef79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2KguFL7IAMFzKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf137-2b7c15d3071e0266586fd17d;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 05:23:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eE2AvjvM7j07Go69VVEmTF8Q-KA5bZwOBdn_SgR5fcZj8lL760_q2Q==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:57:22 GMT
age: 27922
etag: "2b53c4f836970501a682dae07235215c487d35cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=67a603cd-2fc4-41fe-8982-f1289a561fd4&sid=ad7bbc803e0511ed992da3a66c5353c2&vid=ad7c07203e0511ed94aca95408779a7e&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=530&pt=1664242961568,,,,,0,0,0,0,0,0,40,230,231,235,526,529,530,,,&pn=0,0&evt=pageLoad&sv=1&rn=550560

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=67a603cd-2fc4-41fe-8982-f1289a561fd4&sid=ad7bbc803e0511ed992da3a66c5353c2&vid=ad7c07203e0511ed94aca95408779a7e&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=530&pt=1664242961568,,,,,0,0,0,0,0,0,40,230,231,235,526,529,530,,,&pn=0,0&evt=pageLoad&sv=1&rn=550560
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=67a603cd-2fc4-41fe-8982-f1289a561fd4&sid=ad7bbc803e0511ed992da3a66c5353c2&vid=ad7c07203e0511ed94aca95408779a7e&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=530&pt=1664242961568,,,,,0,0,0,0,0,0,40,230,231,235,526,529,530,,,&pn=0,0&evt=pageLoad&sv=1&rn=550560 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=08869B8CA4B06C293B3B89A0A5456DEA; domain=.bing.com; expires=Sun, 22-Oct-2023 01:42:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 674AF5444E9A46128A8AA89B54EFFB65 Ref B: OSL30EDGE0521 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8255 bytes)
Hash
fa70ece15044b7318cb11ae5e37a64e7
04a0665f771562c3e56ac3542abe5bd3c4c1a6b5
8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: X-6P09-hgjmDFe4Y7P1KnXtJAuvJNen8XsBVIexf521SOxMivJ4t7A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:53:33 GMT
age: 28151
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664242962400&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2420034047&sess_cookie=623a93611837c9c4fde0edca27a&sess_cookie_flag=1&user_cookie=623a93611837c9c4fde0edca27a&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US

54.230.111.59

200 OK

43 B

URL HTTP/1.1
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664242962400&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2420034047&sess_cookie=623a93611837c9c4fde0edca27a&sess_cookie_flag=1&user_cookie=623a93611837c9c4fde0edca27a&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP
54.230.111.59:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

HTTP Headers

GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664242962400&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2420034047&sess_cookie=623a93611837c9c4fde0edca27a&sess_cookie_flag=1&user_cookie=623a93611837c9c4fde0edca27a&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 26 Sep 2022 02:09:43 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: C0CcvIMdPi6EB83rkKp8ZH_CGkc8Qo4yKm0Y4VOgARyq4PKbK9nyfw==
Age: 84782

file.forms.app/sitefile/Google%20Analytics.png

104.26.6.145

200 OK

2.6 kB

URL HTTP/2
file.forms.app/sitefile/Google%20Analytics.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
2.6 kB (2562 bytes)
Hash
a904a894bbe8e5135275d666b481dd63
69ce7c76e2854c67766a7983963c0bd6529521ea
e3b65e4a4b6ddb93c7c4f6a6a73779c3fb886e92083a3e573ef3c0ea2e99e721

HTTP Headers

GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQjE3NSwBQimIq9dnZlmXZyH0zHuvkPlGAe%2BTAYGxN8pnEBF92IhKKLkyvLeyveLTxh01kU95V5HjQmu5ENOaOImNXkdY9JFw%2FtXlc2plhypE694omupX46Jow63q0fZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e8ab505-OSL
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.98

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2304), with no line terminators
Size
1.0 kB (1038 bytes)
Hash
83b1ad371ffaa17bb924cbdc6ac15440
eda2958f45ea3e2b5ec8015dbd7cb759c34d5044
89fa49183cdbeccd08e3d0a45b59deb5c17a081ebfdf4a5be3dbc69b1ee059df

HTTP Headers

GET /pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1038
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 27-Sep-2022 01:57:44 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&gjid=2016327782&_gid=736706781.1664242962&_u=aCDAgEAjAAAAAE~&z=872543510

64.233.162.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&gjid=2016327782&_gid=736706781.1664242962&_u=aCDAgEAjAAAAAE~&z=872543510
IP
64.233.162.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&gjid=2016327782&_gid=736706781.1664242962&_u=aCDAgEAjAAAAAE~&z=872543510 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bat.bing.com/p/action/137024713.js

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/137024713.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=17AF31E19F8560B319EC23CD9E706126; domain=.bing.com; expires=Sun, 22-Oct-2023 01:42:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ACF0495D73264B2B86FC7C13CD856BC4 Ref B: OSL30EDGE0521 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
dd1b035c29153e244b824c2531813c07
4a99099c174fe9e15bb47c10b3ed9bd2f10974ce
ac9ebda5ece2922d8706b6227551b880808bf3f2272a2e6441dcf57c3d76af5b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 01:42:44 GMT
Last-Modified: Tue, 27 Sep 2022 00:41:32 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HQI4Fwc5V3XwzbFt8kLiBo_J7BOGQBMeVvC7zXI3KEI3tFUp-PNgog==
Age: 3673

px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing

13.107.42.14

302 Found

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJDzTdfTR_pjwAAAYN8nFjpnX5s5ljW-7VhjtzFoOdPzvHWgiFHP9-eD0cPTKJLYM-wUliYVwqNlA; Max-Age=2592000; Expires=Thu, 27 Oct 2022 01:42:44 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQKabADcgplLWwAAAYN8nFjpGCUPdnjYEQXI22Wh2el2wn9tgkUYm77NKayhm8T27rWHMmZggQesyI_CF1IqDw; Max-Age=2592000; Expires=Thu, 27 Oct 2022 01:42:44 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&13ec2867-2bef-4d91-887c-d64c94e7ec5d"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 27-Sep-2023 01:42:44 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2350:u=1:x=1:i=1664242964:t=1664329364:v=2:sig=AQFUd0zab7kmNgY5XD4bkyIQRIr587c-"; Expires=Wed, 28 Sep 2022 01:42:44 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXpnsK7KzSibXmSbXqXKA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 2C450563078743E58FA22AEB2607C524 Ref B: OSL30EDGE0215 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2

redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png

3.15.76.72

204 No Content

0 B

URL HTTP/2
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP
3.15.76.72:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Tue, 27 Sep 2022 01:42:44 GMT
server: Server
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&_u=aCDAgEAjAAAAAE~&z=15366104

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&_u=aCDAgEAjAAAAAE~&z=15366104
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&_u=aCDAgEAjAAAAAE~&z=15366104 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/587928374/?random=1664242962406&cv=9&fst=1664240400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3514025893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/587928374/?random=1664242962406&cv=9&fst=1664240400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3514025893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/587928374/?random=1664242962406&cv=9&fst=1664240400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3514025893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue

13.107.42.14

302 Found

0 B

URL HTTP/2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&cc1012a3-4124-43e7-8710-e79363d072fd"; Domain=.linkedin.com; Expires=Wed, 27-Sep-2023 01:42:44 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220927014244f6d0b0bb-2b10-4c1f-8d4c-433d803e85d3AQHqd0TJ5gPdUtfSlyPloTC50dyaqUbN"; Domain=.www.linkedin.com; Expires=Wed, 27-Sep-2023 01:42:44 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjQyNDI5NjQ7MjswMjE8/twI4faeiLdfKJK4yrydmTHpneE2ZFqdbNyd/ahuhA==; Domain=.linkedin.com; Expires=Sun, 26 Mar 2023 01:42:44 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2392:u=1:x=1:i=1664242964:t=1664329364:v=2:sig=AQHiNRNJ4ZBOGebuPzacILAmdLqHYajw"; Expires=Wed, 28 Sep 2022 01:42:44 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXpnsK+WZoTOjYH8BZi2A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 242F885A21104859883E2A17FA6F3A84 Ref B: OSL30EDGE0215 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664242963090&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664242963089.1421148929&it=1664242962475&coo=false&tm=1&rqm=GET

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664242963090&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664242963089.1421148929&it=1664242962475&coo=false&tm=1&rqm=GET
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664242963090&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664242963089.1421148929&it=1664242962475&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Tue, 27 Sep 2022 01:42:45 GMT
X-Firefox-Spdy: h2

px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&374cd96b-7d76-4a82-86f8-24478d5551b1"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 27-Sep-2023 01:42:45 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2396:u=1:x=1:i=1664242965:t=1664329365:v=2:sig=AQG-J9Nf9MTEKl6r1L2FrSwsNab0-X7p"; Expires=Wed, 28 Sep 2022 01:42:45 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXpnsLApMwTu3Hfx5o9KQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: EC6C887731A741119898C5C009D5AA7C Ref B: OSL30EDGE0215 Ref C: 2022-09-27T01:42:45Z
date: Tue, 27 Sep 2022 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2

js-agent.newrelic.com/nr-spa-1216.min.js

151.101.86.137

200 OK

18 kB

URL HTTP/2
js-agent.newrelic.com/nr-spa-1216.min.js
IP
151.101.86.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32010)
Size
18 kB (18216 bytes)
Hash
6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a

HTTP Headers

GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Sep 2022 01:42:45 GMT
via: 1.1 varnish
x-served-by: cache-bma1660-BMA
x-cache: HIT
x-cache-hits: 746
x-timer: S1664242965.177834,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2

widget.intercom.io/widget/tt7hkkgs

54.230.111.95

302 Found

0 B

URL HTTP/2
widget.intercom.io/widget/tt7hkkgs
IP
54.230.111.95:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 20 Sep 2022 08:31:36 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kgORVyT2r_ZrS4fCnA7np9KrwMMvYKGwZoZ5osMxGV8Oy1dhcLgQNg==
age: 580270
X-Firefox-Spdy: h2

js.intercomcdn.com/shim.latest.js

54.230.111.118

200 OK

6.2 kB

URL HTTP/2
js.intercomcdn.com/shim.latest.js
IP
54.230.111.118:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Size
6.2 kB (6172 bytes)
Hash
e2231e13a844ee9948b851398e4a332b
a853ae750b305648e21287431acd0359fd4e21a7
fe7307ed40c11fe2302c35c6ada60403ff113b9ab8895d5405ce8aff51edcec5

HTTP Headers

GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6172
last-modified: Mon, 26 Sep 2022 16:31:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: M9sZAK_ccaxj9duwncDe_tarU7a3gHh8
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 01:42:10 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "e2231e13a844ee9948b851398e4a332b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TiCghb-P9qCOMbmIiRgLKQwr8izZ1n1-W-hkMyjpDprpqZaDjXGYCg==
age: 100
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

file.forms.app/sitefile/excel%20copy.png

104.26.6.145

200 OK

137 kB

URL HTTP/2
file.forms.app/sitefile/excel%20copy.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
137 kB (136622 bytes)
Hash
7cce04e14194cbac73f68f3a4b88f7f7
61dc140cf269502a9381b7057070d492bc9f0731
869bffa1b91d2bc4129747c9c4a8d5b14dcebb4219cdefc380fbb7fa256340ac

HTTP Headers

GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2ahQ1whH8g3Pgz2rNtrsVDKjf9n%2FLb4xckATM6eI7A9rgXhDRUddlVhuKcYQ26L%2BfsAYyKj8NzQOiNtIOQ79rt0D94gWS9XpAtQEu7QbXTbDERi8jfV2eG1rWyKSe0w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e8cb505-OSL
X-Firefox-Spdy: h2

js.intercomcdn.com/vendor.3a7c9847.js

54.230.111.118

200 OK

103 kB

URL HTTP/2
js.intercomcdn.com/vendor.3a7c9847.js
IP
54.230.111.118:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (65431)
Size
103 kB (103170 bytes)
Hash
236abcc2b025cf06189a7c7054810042
eed74c964840f9c331e99db697c40b380658c863
39be98bc32ac117662b3cd7daad27cf6142b969c0bd86f9ded6f46bfe1ee0aa5

HTTP Headers

GET /vendor.3a7c9847.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103170
last-modified: Mon, 26 Sep 2022 14:34:45 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: VWZDkvQ18j.5VVKia4ApjxxnQXjOWxkL
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 00:36:07 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "236abcc2b025cf06189a7c7054810042"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -CCZ0dDirrD20xGxnoQKNzQ1bBIz5yh2WkdnxRSyHDTmwAOfNO-EWg==
age: 3999
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e5f770fe55857bcd52c8646fb42f36fe
a49a52682f711ef23af9ff3f9dd7770bdc05e78f
ffb3c38039a7d48fed1aa91ba8fe5793a779496ecfad2802d0f84cfcb2eb7ba3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4630
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:45 GMT
Last-Modified: Tue, 27 Sep 2022 00:25:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken

185.221.85.3

200 OK

73 B

URL HTTP/1.1
bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken
IP
185.221.85.3:0
ASN
#206998 New Relic International Limited

File type
ASCII text, with no line terminators
Size
73 B (73 bytes)
Hash
814f8120cdf5a972bdb0fd5521a92a5d
47f7b3cd340d1fe91766ff27602e319a79bcd14c
5f520e553ae6a634e84b7c8c8d36908d2efa441d716834fd98c012c402b1c3c8

HTTP Headers

GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 01:42:45 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75108b652dba98f4-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=aa1df60b5bfbbdd6; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5W%2BjmIKt9IWuB32HPaWVZeTvOEAjc9kTcpeI5R%2FVCdlFHVK1hZAhIt1gk94mkjiGvTtHUEtUoQhivNgrLnINoUyZhN3%2FoGcSSv2vhgHNQJMZtHRPe6%2BEvL93E796GCItAo%2BrGVK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip

bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1886&ck=1&ref=https://forms.app/phishing&st=1664242961568

185.221.85.3

200 OK

36 B

URL HTTP/1.1
bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1886&ck=1&ref=https://forms.app/phishing&st=1664242961568
IP
185.221.85.3:0
ASN
#206998 New Relic International Limited

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
0d8d15935a6f500cd86d99adcda8a7e4
6d1895be387c8665bf78450eb2c6b1d0f895c75d
1c9d746c3dc061ef3933f6fbf3231c8115b97dfec4dc294663268e9a7353699c

HTTP Headers

POST /resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1886&ck=1&ref=https://forms.app/phishing&st=1664242961568 HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1133
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 01:42:45 GMT
Content-Type: text/plain
Content-Length: 36
Connection: keep-alive
CF-Ray: 75108b660e1998f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP%2FPBPtOm9k4srIdyaQbM%2FXOYPG1G3hxuREhSzQDLormARmxfjSXNh8DVwcI7kNWUVFf49QlGc0WQxL9M%2BP%2B3A9hHvvPK64mooah%2BWWoQn526HruhS4UUP29wlIcC9GrybeKqz8l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare

bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2599&ck=1&ref=https://forms.app/phishing&ptid=a6493045-0001-b053-71db-01837c9c5bf2

185.221.85.3

200 OK

24 B

URL HTTP/1.1
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2599&ck=1&ref=https://forms.app/phishing&ptid=a6493045-0001-b053-71db-01837c9c5bf2
IP
185.221.85.3:0
ASN
#206998 New Relic International Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
24 B (24 bytes)
Hash
bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

HTTP Headers

POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2599&ck=1&ref=https://forms.app/phishing&ptid=a6493045-0001-b053-71db-01837c9c5bf2 HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 347
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 01:42:46 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 75108b6a7ff998f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHk5u2aIKVuOk1Z9vhyi%2B7%2F3%2BGDEAMocjPb4bMTqk9hULtZbr0LSxq2D7LsiQLcAJyx36GPjyAPAOpHdv5dGPsQqDu0S%2B2dspTRb4bAjvwzRDUa6nlPfwI%2FJIHExzI10gTPlDPdT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare

forms.app/assets/img/formsapp-logo.png

104.26.6.145

200 OK

3.5 kB

URL HTTP/2
forms.app/assets/img/formsapp-logo.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3548 bytes)
Hash
a77f4c80bac841f7d3d2aa02372b8861
840d40fc6bdfbddff8e5d917ef5b669d8c4543a2
84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be

HTTP Headers

GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 3548
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
etag: "632d981e-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gb754WXkpHrGQ7O36gZUtyBLeOSpTlZUcU1jMY4rDyClhRuzI85gLqHUJHLRVp4KM2t5zUy3EizgSpQ8wM7JpHsZqhL39LoBB8VCMOCDWH70ipa2w0BYPaMGFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6b6d8db505-OSL
X-Firefox-Spdy: h2

nexus-websocket-a.intercom.io/pubsub/5-LReox-hOoUWE9JfwukxD0EKE0SAduFs1gfOxIOqSJALr6kNWP8pwmi83H6zg1b_F1_rjpdfqYF4L_9UmRPWfrKZX1Z7s1Zdz2Hui?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined

35.174.127.31

101 Switching Protocols

0 B

URL HTTP/1.1
nexus-websocket-a.intercom.io/pubsub/5-LReox-hOoUWE9JfwukxD0EKE0SAduFs1gfOxIOqSJALr6kNWP8pwmi83H6zg1b_F1_rjpdfqYF4L_9UmRPWfrKZX1Z7s1Zdz2Hui?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP
35.174.127.31:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pubsub/5-LReox-hOoUWE9JfwukxD0EKE0SAduFs1gfOxIOqSJALr6kNWP8pwmi83H6zg1b_F1_rjpdfqYF4L_9UmRPWfrKZX1Z7s1Zdz2Hui?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ei/ES2aRBqKyA3GQi07Euw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 27 Sep 2022 01:42:46 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: L4AnfuyY6GjYT+wN2XaFX1oBIEQ=

forms.app/assets/img/google-play-logo.png

104.26.6.145

200 OK

7.6 kB

URL HTTP/2
forms.app/assets/img/google-play-logo.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7621 bytes)
Hash
b30b4bd0775acd1e172ed059d1151d4d
70d96852cfae2fdc113342e3bf46cc4ebe706815
cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b

HTTP Headers

GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 7621
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wy2lvML2%2FhGznln5CoBtefYEIh0%2FmrRtyIa9mNUncVBDE56KhMBEhjAUJjpx9HDm6%2FT2Bq3o4PpgQ8csHEQlnqy0WxTh8jfJP01%2FzuQLM%2BS9bQrsg5g151PtUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6cee82b505-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/huawei-app.png

104.26.6.145

200 OK

7.4 kB

URL HTTP/2
forms.app/assets/img/huawei-app.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.4 kB (7360 bytes)
Hash
86c2e696aa2528b2cb3589897ba4bfb7
598e89de6512720a92e4e94a538e2eb64d746229
eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6

HTTP Headers

GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 7360
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVtGmOV7isq574JZBol6ztAnxZBNQk9ZzUj2WFf%2Fz8ll3xfMjxebE5hSVeLBLsv7ZzXDDNa1Unf2uTMFlVjyySVzTt%2FwCRa27NWWjYnoCOvINCJ3ZGF6A5DdkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6cee83b505-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/app-store-logo.png

104.26.6.145

200 OK

7.6 kB

URL HTTP/2
forms.app/assets/img/app-store-logo.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7634 bytes)
Hash
02b87ac5a0d67d23008ed83695705c23
1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5
a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736

HTTP Headers

GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 7634
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5PW%2Fs2A6IbQQfrkn%2BylubTdE5Zr6Hmn1aGvW6E7DOQa%2FCvAY8WkmkpKSOiMvPO5pK2tWNvYPd4p3889YOiG%2FYxTfrshL0MQQ9hq1J8s%2FLQeIglfE%2BzyGy1fSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6dcf01b505-OSL
X-Firefox-Spdy: h2

file.forms.app/sitefile/WhatsApp.png

104.26.6.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/WhatsApp.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnMfuaID32X7vkHQ4fvWC7RJSDsfmZZRTMIQB2zPNUe%2BdcGk2exgqYaAWb16PGx4vqNFXfaWntLI1R9ULLnGMZWFrCjJf5Oi4%2BDysc%2FCR0iaRVAHJllZLV071H%2BZoPQF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e8bb505-OSL
X-Firefox-Spdy: h2

forms.app/cdn-cgi/rum?

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/cdn-cgi/rum?
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242968.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:50 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75108b880a6fb505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my.forms.app/static/css/asyncstyles.4869d.css

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/asyncstyles.4869d.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:54 GMT
vary: Accept-Encoding
etag: W/"63316b72-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BInl4ddISW33pwMRgxGfAzgp35D09AkCjmqiJexyVTgJBQ9qn9vP8b80eqPP4aV6fvD9%2BVo3cEGq1vUvfc0VPihdYuOJH82a00aYOhHGkyrfonr9HfyfQxzP5OEWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db81b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:45 GMT
vary: Accept-Encoding
etag: W/"63316b69-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=divwHSFHbvU156M2%2FCet3X7RWEJXhMDUFwtyPGCCrVPccTb9ERx3cTpvW4UuiwjVw%2FO9QtH%2Bik1jY4B4Jw5w7V5LckJsgndG8OHY6OMe2OqXy7vRwM6zpC4DiKoPEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b572c0cb505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/iicon.8278c.css

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/iicon.8278c.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:37 GMT
vary: Accept-Encoding
etag: W/"63316b61-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEI7FvApgE46YzXr4WI1wi9lZaN%2FkIJwwpBwFI5xAyrQa7zUCn1mJHJcDu7oGTnIfZG%2BhX%2F0YORVxU8LbDpremKK20x1MXYvfjcARXsSFv%2BrHKx3ss0DonuSFDcqjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db83b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/asyncstyles.7792f.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/asyncstyles.7792f.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:39 GMT
vary: Accept-Encoding
etag: W/"63316b63-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wxp35UUFmipQ0yAWeCZn8pdCcLExXRSBSiBayF%2BKu32J9wVnkiPjm9R51YQHa%2BNfVrPI0VbJFZcps1qmbpyJXhDmp4VJvv%2B6A7SFFzQ236qANi%2FcIC6HktWP0XOX7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db85b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/sheets.png

104.26.6.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/sheets.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= sheets.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SqErtWpMqGeudOMwh9%2Bldm6asiCJjbzQp8zngfaagzR4Zwn7eew5z%2BuNOh6qsSPhGjYPaDtpJ%2BsibdISsmKq53AmSuFklNbArtCSFHrFJCybezk2E6SEeR3Z%2BSyw6xOk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e88b505-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/blog-logo.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/assets/img/blog-logo.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/blog-logo.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y1jUvEahrT%2FMwYE1P38UrfPQgOg6nyEsqVTvi4lZNY53i%2FNQv7Hlf%2Bgr4%2F2m6RoK9FgRc5jsEK5l%2Bcz5kbu3A4AKAZF9KRXme618N%2Fr8Tz959JJM1rTVduqrdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c0e7fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/blog-resources.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/assets/img/blog-resources.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
vary: Accept-Encoding
etag: W/"632d991d-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNmwz29Wg6g26fVJpzoW81nlTIqquVWApKb7HXrGhbEKMiROrS5LuVMOWPGTkJ5mPD8eMaSbGD1qK4ByuzCEWUzubIf2lfR11FpquOBy23oFger8xdPizf%2FSqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e96b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/envelope.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/envelope.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:45 GMT
vary: Accept-Encoding
etag: W/"63316b69-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDD56jSo5IrDkbNrSlL7VifMqhXu7ZbfkjrBLQ2hKviTBxEbMROfovg%2F5UfCrLMr2tgpCBDcFhB3okPqejwi0OwxABQdynI2DRpnr2OhE3Npe9Bi32S8VpB%2FLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea3b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

api-iam.intercom.io/messenger/web/ping

107.21.231.73

200 OK

0 B

URL HTTP/2
api-iam.intercom.io/messenger/web/ping
IP
107.21.231.73:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1664242970
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: f1b66ebe901a16f4847bfe83adad5a98f91a22aa
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 000hh9egcgpgeq7f5le0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"eb9090fcb6f78ca0a78d05d9bc3be81d"
x-runtime: 0.331328
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0e4eed92dc7cf8528
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/facebook.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/facebook.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:28 GMT
vary: Accept-Encoding
etag: W/"63316b58-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSLMU9yRgj3Uj6aCo5HRbV7AdVc58xRckK33Ax2REv3ss488mZZLqKC8NNhlPxdTeYxk2YuKf2ipT4aOTHY62mX9FBo2e7GEfH7VXZyk%2FF1Q8DojA9MSvNi42A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea0b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/runtime~app.bb81e.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/runtime~app.bb81e.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/runtime~app.bb81e.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:06:05 GMT
vary: Accept-Encoding
etag: W/"63316b7d-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvGr7hf72Nfs%2Fb1dxqYsSQDuIr4c9VREaoTiNWvzmcH8vC8AgLgOdAtpain40r8IcDcTnRFknIU75betJsmOyqVSl4VesP5GsuzjyrNyw62VW70hMrQC1G2PSJazgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db8ab505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:37 GMT
vary: Accept-Encoding
etag: W/"63316b61-512"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BZlnS%2BgRX%2BHXN5uAq%2FFqHanzxvFgkXMSMhg2mYDn1MJgYakgtgzonDxyQMKvlL2uPNIIwx4xKopAr5wKRkbpAbZWjz8AkEdlM6jn3smb4M9Z6TlvCMM2quoGQt79g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b575c26b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/phishing

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/phishing
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 11:29:03 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYNwjTZ1PsMQGk%2Bg%2BgXhtL%2FZ9FFR4IcUcaNLgj%2FZj3iy%2Bp%2BvzMvWXnxf4NVmsxG4MsG7FnP7fEDKyk9uIuzv%2B8WJq8eae7mvTe%2BVjg4sCmsVzguOgE%2BQ%2FR%2BVAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a6dd4b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/trello.png

104.26.6.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/trello.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= trello.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6zjs4qQRfnfYwnUvwau7EYuy6NblKwgRn%2Fqam6hH4u7r3ASU48Li9fgewJe00SneEyoEfUrlo7nJXqmcj5wZzF2%2F5WZV5MmvRNF5MoG27iq8TWYX4jHpAVz%2B8xybh5t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e89b505-OSL
X-Firefox-Spdy: h2

my.forms.app/static/js/dcomponents.15d95.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/dcomponents.15d95.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:39 GMT
vary: Accept-Encoding
etag: W/"63316b63-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A00KJEpNFu8h4B1gZvpbP1DnP5rPRh1tVtPOlFML2lWbJ3ne4ThuWxY30Mub5M%2B2tJIYmtorddd8IrPVc7jYSRi4Z8alFxQWocIn4I8xX9XDbU4WKatzMZSVx8zYgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db86b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/swal.4f135.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/swal.4f135.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:21 GMT
vary: Accept-Encoding
etag: W/"63316b51-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KYg6ietT13pfUVGTQIzCPjC35lbJbaqL37R%2F7eXbyQE%2FMkvSXrNBgtAvBll3nyY%2F39nWP0Uj%2BqKyZP0MBI0%2FHQUNoIWE25B72vm%2BJMrI5RGFxWlB0BcgIV%2FiKkfntQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b571c05b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/mainheader.13de2.css

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/mainheader.13de2.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/mainheader.13de2.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:54 GMT
vary: Accept-Encoding
etag: W/"63316b72-19e0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtMUZr4YWf4ywPUKxQaTxA4n8GOuM82aMRwkyfvXVIeAeRL%2BxH4rk440OKLBNaScs1eFIh59%2B39WIi4OtI5lAnkGk5XN18qBvNc5TlzQ%2FUO1PXvtprGKZGvtmCZVUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b575c27b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/js/login.fb59ba75.js

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/assets/js/login.fb59ba75.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
vary: Accept-Encoding
etag: W/"632d9857-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnQlyynHtc3eb2KDkuuj%2FAgCQqf9S6Q32EUUj4zUsNL3nviJK0uMbDHuiIlodUioZmqAc2uiMinGqZJ3oxlDNAXcdD5KF83O9LFMBVjxh5LERVTl51ShJ0rPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea4b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/Notion.png

104.26.6.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/Notion.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= Notion.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tL3ZNEbtDgX5Kyl1GvLTFYEaZBHKX%2BsoJHVjU8dejZGeeNMgiU9ytRPIAvJiE6eAUEwL%2Fl7b1tmRUgIUdIq8M%2FDT8oc75m4awE3eVb2riPmPEt4d9nhummmgX5AZdOPW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e94b505-OSL
X-Firefox-Spdy: h2

forms.app/cdn-cgi/rum?

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/cdn-cgi/rum?
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiMmYzYzUzY2NkYmU5YjRmYSIsInRyIjoiZGM4ODhjNjNmZWY2OGRkM2I4NzJjMGU2YzRiZGFkZDkiLCJ0aSI6MTY2NDI0Mjk2MzE3M319
traceparent: 00-dc888c63fef68dd3b872c0e6c4bdadd9-2f3c53ccdbe9b4fa-01
tracestate: 2885732@nr=0-1-2885732-286479549-2f3c53ccdbe9b4fa----1664242963173
content-type: application/json
Content-Length: 16775
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:45 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75108b6439b6b505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my.forms.app/static/js/app.cbc86.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/app.cbc86.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/app.cbc86.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:06:02 GMT
vary: Accept-Encoding
etag: W/"63316b7a-3f33c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLZ1eeBw8Z9fHsrr98VtxJC0q%2BYI5vUOHzUUOWJpFLjvs5WmbMgabY3JD5VkZZxf%2BIErYWCpi3Bf6A5HOI6Qb3%2FFdixX23HYswgsP87Ad%2BFOr2fEheqsyv0IrvGU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db84b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/mainheader.5f29b.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/mainheader.5f29b.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/mainheader.5f29b.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:48 GMT
vary: Accept-Encoding
etag: W/"63316b6c-21ac"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q11EuP%2F1tXrT%2B%2BrKC89gKLySMyN4OoAYqq6zJA8Tv1prSzAk6u%2F6FtyFvNBWdKkGrPIwFe71%2FYt2ukLNyS2fqEnZFUALWu%2FuVHlM9smvioyjsNkpUNOFkSISIfNAtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b575c29b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/google.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/google.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:45 GMT
vary: Accept-Encoding
etag: W/"63316b69-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tQWpeYBOcw8gJP3T6T6fCVg58iqDaa%2FMkI34c4zaG9Dm4XCrP67KldFNydjNymjDjbjjN5ZHx7ZSlrhMvZaZK6P2L951isMMFzmfZ5q9p%2B5nrRLn2ZLMAi9iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4e9fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/apple.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/apple.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:06:01 GMT
vary: Accept-Encoding
etag: W/"63316b79-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuQuQMUUQZpJK5NcRuGtDYIAkupzIYMCB4Par00A2cdLLG1fmZZ6poz06L8lpDEl%2FMSnw0sOUmYLqcjX3SxYQOZCqLGcuGhu%2FafwBCTzWrUJEjk2ThPFbdTVjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea1b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.forms.app/form/609890b8001f18095ac075fc/view

104.26.6.145

403 Forbidden

0 B

URL HTTP/2
api.forms.app/form/609890b8001f18095ac075fc/view
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /form/609890b8001f18095ac075fc/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 403 Forbidden
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfGV3b6XhPFPqtTdcs%2BMscpSlJo4GfF2wHCnP2vAxR%2FMDM8O6hD6VxbH6ctlWNjnbVUt1dvEtGUk8dB6b2w1YMi0S1irTN3dL5TOLaNqUdx8BDncWZ2Zq8Pe3HhH0qU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b599f10b512-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/app.bb6f5.css

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/app.bb6f5.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/app.bb6f5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:37 GMT
vary: Accept-Encoding
etag: W/"63316b61-12356"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMPVi2nrVXPyJshxkRTZgq5mpVpH7KkF9gi3mdwJNFHruqj0lQG0P5rIqmvdzb4KZW8gyUagI%2FXscMJizV4BJ9VnC941HoJo0LJZ5TmyqdObqTLn1wrt01REyHuOqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55cb80b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/iicon.59ea2.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/iicon.59ea2.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/iicon.59ea2.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:48 GMT
vary: Accept-Encoding
etag: W/"63316b6c-349e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rw3fNq5NI%2FdfYDGEzh9ofilc8xA0AmQKaGK9HToPhIhIRm1VOG%2FS1ih3x9fAt5YeQbEx3PoZd9FelzJEANI%2FdRZfy9YfqVlSrGD2Pn6cgybLRKvEF2M9KLK6mnMrQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db88b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/country-en.83d29.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/country-en.83d29.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/country-en.83d29.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:33 GMT
vary: Accept-Encoding
etag: W/"63316b5d-102a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qhdD8ASNlNM%2FMmLGNmKd3X2cnajRFhlk90DPAyB4Vt8wHan26UvMW8C9Sdfm5s%2Bkf8ohhft3PMU%2FiztW3TGZv14ZmvaL516ALcVF3ZDisVgdAMJ9r0cs%2Bknw4L%2FAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b56bbe1b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:23 GMT
vary: Accept-Encoding
etag: W/"63316b53-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qEL0%2Bn8yPCPOAknZYBVHQFgfZShfg7svuJc5Z2KAybGtXT5wnZXfydYipDh%2Fp8MWDiKhxWAGvOH7cf1YsDwnF0JAA%2BSr5%2BWFtpw%2FWHTh%2B4VcUZLdjR9%2F0wilyG%2F1GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b573c11b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/vendor.88295.css

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/vendor.88295.css
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:36 GMT
vary: Accept-Encoding
etag: W/"63316b60-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpY%2B%2BVZemISzKsC51MJbkrfn0q3%2FJR%2F57eeAepyaX5U2zF4F2A9g6BE1GEPLi7HkZAHr3Usa1fuKCBdaQ39Mqaext03DbZYzDRMYisFBx7aiXjADfJQGZO%2BjRRgyTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55cb7fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/icons.df638.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/icons.df638.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/icons.df638.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:38 GMT
vary: Accept-Encoding
etag: W/"63316b62-3b710"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2qENKVDY4Ww3F7kWz8eyskB1a21Igv6lAmk5IP6rUe0i23ToR7SpwNnwWNTXflpf0UrJPT%2FHXSEub6IJ1qF8yPnL4GgfwnWxQ2zekv%2FxsMfu3HbQHJlk7Ip3g6aryw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a9ddeb505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/vuegtm.3359a.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vuegtm.3359a.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:22 GMT
vary: Accept-Encoding
etag: W/"63316b52-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVHaDv3yC0atxQoXSGJZp1RHu7baKZXysRMphU%2B0Pv65Z0GJcxbG8ejHMdriAweSUYf5iH4v7tyn6133LXeZw3vWkoxcHMe4xoKv9i0yRuo5rKL1O6oYaYWVeojE5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b571c07b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/img/logo-home.svg

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/img/logo-home.svg
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:20 GMT
vary: Accept-Encoding
etag: W/"63316b50-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vr5NqxvPTDuhFdLpOs8tNBjCvg0xW73ir1Qx2uzFJ9InDzgrYGx7lm1sbZed6Id38qvSPDf7YZatEmDTQyyPEaqaeT5zhJZN5RpDzSi%2BqHvf9Gsbxw21VxNDpgSRng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a7dd8b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/form/609890b8001f18095ac075fc

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/form/609890b8001f18095ac075fc
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /form/609890b8001f18095ac075fc HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/html
last-modified: Mon, 26 Sep 2022 09:05:53 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5LeHLQOkfS8j1OcY6VaSXTDWhI1f4h0wsGjImLfGfPDVJxtYrtrfssOVb9Si4moOU6ArvRmONn5a5pPyEOIIuwDEQH3d%2FuqUsWra4baY1OkBlEgw5y6zPScNJ%2BpiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b541ad6b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormView.2d11d.js

104.26.6.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormView.2d11d.js
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormView.2d11d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:42 GMT
vary: Accept-Encoding
etag: W/"63316b66-a5f2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8KFPeIbuDzlzUm2zrHlaz2JAFgaWxEM9mST3%2FQf9BZD8OPJ3kYbaEzr5voTgagulysIf%2FXLVYdC6lX%2B%2Bc%2B5jbiOjTT3VY1NDjix0GUxcMshgeM6%2F3koI2wH38t6qkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b574c1ab505-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/hubspot-crm.png

104.26.6.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/hubspot-crm.png
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= hubspot-crm.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3qO4KSDEqybeRu2z2U6i9SzOUZUlyX6gAMeSvb085nnMA%2FOsqVQTiNjG49gp78MG32mI8R2Cke1eln%2BI7704vX5o%2BVAyemnABWKDleM2oUbbZCL3dOvMmvJt47h31NZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e87b505-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (54)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP