| my.forms.app/form/609890b8001f18095ac075fc | 104.26.7.145 | 301 Moved Permanently | 0 B |
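URL: HTTP/1.1 my.forms.app/form/609890b8001f18095ac075fc | IP: 104.26.7.145:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input: the response body is 0 B, so they do not identify this resource)
Analyzer: fortinet | Verdict: Phishing | Alert: (none)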
GET /form/609890b8001f18095ac075fc HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 01:42:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 27 Sep 2022 02:42:41 GMT
Location: https://my.forms.app/form/609890b8001f18095ac075fc
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kU05uO5klgNN46QVDnjDn5mhhgcaQl0x9rF4YDJlua2XNF%2B1Eftd5ItBkjKHJt%2FzNBfgQ0LmAhHe%2FpGLFhb58dMC0H1vqv80BzeFL%2FmBvCiNFBzG7qEd7nMS4sfl4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75108b506986b529-OSL
alt-svc: h2=":443"; ma=60
|
|
| firefox.settings.services.mozilla.com/v1/ | 143.204.55.35 | 200 OK | 939 B |
URL: HTTP/1.1 firefox.settings.services.mozilla.com/v1/ | IP: 143.204.55.35:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hash: MD5 2d12f67fe57a87e7366b662d153a5582 | SHA-1 d7b02d81cc74f24a251d9363e0f4b0a149264ec1 | SHA-256 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 01:03:16 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DfJ6Qh1KjZ3kR4PubGWE1MIYjHd5Pf7I9v5QWpxG5-oA5YBNeGeRzA==
Age: 2366
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 d2560f62890e75b8de444fed96c22f52 | SHA-1 334ce0c48e606ee029f31eeb1463af87b1024bb9 | SHA-256 4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8723
Expires: Tue, 27 Sep 2022 04:08:05 GMT
Date: Tue, 27 Sep 2022 01:42:42 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain | 143.204.55.49 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain | IP: 143.204.55.49:0
File type: PEM certificate; ASCII text
Hash: MD5 6113f8408c59aebe188d6af273b90743 | SHA-1 7398873bf00f99944eaa77ad3ebc0d43c23dba6b | SHA-256 b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HXKu1JVGnrcWYFx8O2Wi4NYi5t7ML7zg2S-cFCs7pEXrjCFHCBo73A==
age: 76047
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles | IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hash: MD5 23e88fb7b99543fb33315b29b1fad9d6 | SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce | SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 2f54a490a37d7e8e711dab231a8bcad0 | SHA-1 839ff2b83e83252a4c0156f14b5119de0bf7e935 | SHA-256 345ac758b4c73981d52b8a3c4be4f74f799d39c8493b28de378ff2114dcd7202
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:42 GMT
Server: ECS (amb/6BAE)
Content-Length: 279
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 143.204.55.35 | 200 OK | 329 B |
URL: HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | IP: 143.204.55.35:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hash: MD5 0333b0655111aa68de771adfcc4db243 | SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb | SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 27 Sep 2022 01:10:46 GMT
Expires: Tue, 27 Sep 2022 01:47:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Hy2PQFi5Fgu0PgqcNEm2DMKtgladQthph3jo5zrNgmTwl_ZYhVFXCQ==
Age: 1916
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP: 142.250.74.3:0
Hash: MD5 c939f97c8bcbfea356e92036803714bc | SHA-1 608c795e7c4fb943a4db49a4e4533c41ea717023 | SHA-256 b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| my.forms.app/static/css/dcomponents.77be9.css | 104.26.6.145 | 200 OK | 2.0 kB |
URL: HTTP/2 my.forms.app/static/css/dcomponents.77be9.css | IP: 104.26.6.145:0
File type: ASCII text, with very long lines (6851), with no line terminators
Hash: MD5 4803b40f3c42dbecf937d4d0a40e0e83 | SHA-1 7ec6c92683224abecd463687ae6938d4d89003f5 | SHA-256 de7aa6dd515ab219251c1a15210098cef68b6302ed0d583f6b6e4dfd49696bfc
GET /static/css/dcomponents.77be9.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:06:01 GMT
vary: Accept-Encoding
etag: W/"63316b79-1ac3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tePQW0hb2c30vRjLoFQVybKrV7DnzfGlupsY6nWqtZi2Id%2FnhqWOmsCHRpMx1EiCXpuOIDto2jIqhUvm%2FpjZ145KiHBcuf5NnKTx0Vz0st4q6RN%2FZY%2FFvNg%2FCsT%2BtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db82b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-WPSL383 | 142.250.74.72 | 200 OK | 76 kB |
URL: HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WPSL383 | IP: 142.250.74.72:0
File type: ASCII text, with very long lines (15501)
Hash: MD5 42971e225d31694301c252d719d01f8b | SHA-1 95df65d243f4b0436743c06f510610f137f82464 | SHA-256 9a148c5f93a8f98b3ba231126c16a334bffd25dea6e171dea79be49c67499802
GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 01:42:43 GMT
expires: Tue, 27 Sep 2022 01:42:43 GMT
cache-control: private, max-age=900
last-modified: Tue, 27 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76151
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP: 142.250.74.3:0
Hash: MD5 c939f97c8bcbfea356e92036803714bc | SHA-1 608c795e7c4fb943a4db49a4e4533c41ea717023 | SHA-256 b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css | 104.26.6.145 | 200 OK | 3.9 kB |
URL: HTTP/2 my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css | IP: 104.26.6.145:0
File type: ASCII text, with very long lines (17155), with no line terminators
Hash: MD5 71608067cae98a8643c2b468c568b900 | SHA-1 beeae304f30f1ed28fa12a3e827bb4295a4b4cc6 | SHA-256 765d19a0170fe41ebc5ee64b9ed92f74a555367c44e75ce02a995f8825f4fe64
GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.a2bed.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:28 GMT
vary: Accept-Encoding
etag: W/"63316b58-4303"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQkv1f4LMApj3o4mMPNWquWwlnlo2blHRaG%2B8k9ZLUbhCOkZt6PTnYIrlJ%2FxtA4tACQPZkOxd0IolqI5FADPiNsgKdgrxVnmKzgu%2FhhL2yOFo%2BJjkfuyX%2Bof4T5XBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b573c13b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/swal.2ebcf.css | 104.26.6.145 | 200 OK | 19 kB |
URL: HTTP/2 my.forms.app/static/css/swal.2ebcf.css | IP: 104.26.6.145:0
File type: ASCII text, with very long lines (24334), with no line terminators
Hash: MD5 ae949dcd74d66d2c924a3751938ca894 | SHA-1 bfa718fbcd6bdcabd03cbf41ced358c61a99edfd | SHA-256 e876d2c898fdebf9841973cc5442385be17633b06c27c7e239f8f7ee2c936424
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:20 GMT
vary: Accept-Encoding
etag: W/"63316b50-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDX4y9o55dIhXrr%2BzLwb6xvn%2BNNHYIHWJJpp0dZaAI7YL6YMK1%2FvTeUn5v%2FwcvoCyXJvb9CsyoC%2F7kOuaIDsx6%2Fdm0v6px1YS1yIg5G3yYqyNUr32RvFQ6bVRg2UVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b571c04b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 35.165.41.15 | 101 Switching Protocols | 0 B |
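URL: HTTP/1.1 push.services.mozilla.com/ | IP: 35.165.41.15:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input: the response body is 0 B, so they do not identify this resource)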
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KpPPArsjXVhuUAhcRzJLTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TE1EovBKL7WO35WKzcWNkTWDLTk=
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP: 142.250.74.3:0
Hash: MD5 bfc8c650e23854f708a3dd54fca4393f | SHA-1 b54c061cf5a5306a68112d403471914e839a68c8 | SHA-256 84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| my.forms.app/static/js/FormBuilder~FormDesign~FormView.ac83c.js | 104.26.6.145 | 200 OK | 65 kB |
URL: HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormView.ac83c.js | IP: 104.26.6.145:0
File type: ASCII text, with very long lines (8506), with no line terminators
Hash: MD5 38fb04e9bfcba1ea22c989e0a7a450f8 | SHA-1 def0446ed450ea0bd67b18c18616dace1c4b0847 | SHA-256 8e963084dfc1b1016a0af4bc280a3047fab40eaf8f9eaeafa3a7d5bdc84ec994
GET /static/js/FormBuilder~FormDesign~FormView.ac83c.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:29 GMT
vary: Accept-Encoding
etag: W/"63316b59-213a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1l6voO97DMTmtHtW%2BjDE%2FJYhVifI%2BdlNkMoY34cLERnda8SBi%2F8af264o6GPO%2B0fF5TqW5cZKKxvcx%2FAaBsoWER7OHe%2BrRuzIxFnCdxnPlNTMJeRbBMZhsqjCesESg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b574c16b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js | 104.26.6.145 | 200 OK | 900 B |
URL: HTTP/2 my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js | IP: 104.26.6.145:0
File type: ASCII text, with very long lines (2713), with no line terminators
Hash: MD5 f36dfec5c39f6e3f7fcb3e6f3ae8c8bb | SHA-1 b8a265b7c8cd52f4522639d3ea96a4efffaa57b2 | SHA-256 86ca94f04c4eb330bd9756b1aa9ed8abc8f41a0669e11860c1f896d14c1bb69b
GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:58 GMT
vary: Accept-Encoding
etag: W/"63316b76-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDAobzjWOJpefJpy7ldZDZv2lJDRoA2NTg8EmcFnE2N8nyP%2F%2Ff0IPzqDAQi5IoFRytbDmrrv4DJRU%2FQuyPFQorVKAaRaM9JstP5mFuJ%2FCLDXg0oZWRcTh68PTU3I2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b573c15b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 142.250.74.163 | 200 OK | 45 kB |
URL: HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | IP: 142.250.74.163:0
File type: Web Open Font Format (Version 2), TrueType, length 44856, version 1.0; data
Hash: MD5 565ce506190ad3af920b40baf1794cec | SHA-1 ad3cba5d06100e09449a864d3b5e58403b478b3d | SHA-256 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 200478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash: MD5 737756d717fd215d94458a21028ae486 | SHA-1 ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f | SHA-256 8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| api.forms.app/form/609890b8001f18095ac075fc/view | 104.26.6.145 | 204 No Content | 0 B |
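URL: HTTP/2 api.forms.app/form/609890b8001f18095ac075fc/view | IP: 104.26.6.145:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input: the response body is 0 B, so they do not identify this resource)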
OPTIONS /form/609890b8001f18095ac075fc/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 01:42:43 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tkhWBhndwZPxgFYSRcvdz2FU3yuaSkrN2fq80Zl37dhdDDSzHDtv591qZL7oXa7%2F9k6%2FQFL5rmOkWWsDJWYKr%2BZq5h99E50QgX8vsCiHsgxeUMw%2BKcJMTn25tnxxtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b58aea0b512-OSL
X-Firefox-Spdy: h2
|
|
| static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 | 172.64.156.26 | 200 OK | 14 kB |
URL: HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 | IP: 172.64.156.26:0
Hash: MD5 f93ab53940d858c596fe8c02c6410359 | SHA-1 b5bfa6a8da42fdb4660d7ae08666dc0ec7d5cb38 | SHA-256 c8e05334eba3848e996bcb0e4e72fb75e5024a21213d58e9581b4cbde9a7abc5
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75108b55fc530b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash: MD5 5b7b66f5886a12421c3f3970bbf49d5a | SHA-1 13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8 | SHA-256 3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: MD5 cf99681f6f1d6e00e0abca7033eb6219 | SHA-1 73261f7daa90ce6fd7a81b10ed7bd762200c3f28 | SHA-256 3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1137
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Last-Modified: Tue, 27 Sep 2022 01:23:46 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash: MD5 5b7b66f5886a12421c3f3970bbf49d5a | SHA-1 13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8 | SHA-256 3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| my.forms.app/static/img/form-disable.png | 104.26.6.145 | 200 OK | 9.9 kB |
URL: HTTP/2 my.forms.app/static/img/form-disable.png | IP: 104.26.6.145:0
File type: PNG image data, 639 x 488, 8-bit colormap, non-interlaced; data
Hash: MD5 284c5d4bb722101d9ce5f925f5c0b9e7 | SHA-1 c610bce010897692b228623b36a8da6e78ade7f5 | SHA-256 d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650
GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/png
content-length: 9896
last-modified: Mon, 26 Sep 2022 09:06:01 GMT
etag: "63316b79-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGOOfphlQ%2Bc0dlm1ghsXOeRWBe5qW9l7MuB1W3C2OhriTMuEue3J9COy85rYiuS0eAwV3laWvx6ENTbl%2FkBoeRZhw0HEhhm2XBFFnjYVkadIsfeOcAEgR8EnjpTcgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a7ddab505-OSL
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/vendor.523c4.js | 104.26.6.145 | 200 OK | 176 kB |
URL: HTTP/2 my.forms.app/static/js/vendor.523c4.js | IP: 104.26.6.145:0
File type: Unicode text, UTF-8 text, with very long lines (23129) | Size: 176 kB (176137 bytes)
Hash: MD5 45f4983440aabe05e4bbf29f8c6cc5f9 | SHA-1 900c3ece6b0b9908b11b7e2990a14625cb524806 | SHA-256 65944eb95952599eff182607ff25bb270f0a8b857868877cebee2479afa10d76
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:40 GMT
vary: Accept-Encoding
etag: W/"63316b64-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dneZ0jUljwVDOeP5ze2nNdbM6Vd5q5RqQTu8ynPjqH3pESJVU65xt8mbvUZjyIesB3jR8NdmMV%2BakkHqD8C6JboC2zkf4b%2BnzHhP21c1y5lRfwUhU28Ima3zXhNdhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db89b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/formsapp-logo-white.png | 104.26.6.145 | 200 OK | 6.0 kB |
URL: HTTP/2 forms.app/assets/img/formsapp-logo-white.png | IP: 104.26.6.145:0
File type: PNG image data, 372 x 80, 8-bit/color RGBA, non-interlaced; data
Hash: MD5 6ee2889a7dfce7a672edbdf7d6738417 | SHA-1 104995abea6706eb66f18e2f044ab42f72f05340 | SHA-256 af3b27797947e7ac9d456686cb71e31469c7b4df60ae88ae62f2b55584a3f7da
GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/png
content-length: 5999
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
etag: "632d9889-176f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuvEuRqSQMkUzFoV5X0nVmLI37JID%2FJRcpRT7G4JkG554pHa%2FPEbF38UNPgrz61o0F46FjfwIhl2LRJzi1EiuxFZyVzmFuYdcbGtwtbU1KnBvsJJHXGIJiVCdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c0e7db505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/form-builder-blank.png | 104.26.6.145 | 200 OK | 149 B |
URL HTTP/2forms.app/assets/img/form-builder-blank.png IP104.26.6.145:0
File typePNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data Hasheab6bf754eb6a790cc1240262c1c3a29 9ea4eaac5215410d39dadda7a62e8b287975521a d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-length: 149
last-modified: Fri, 23 Sep 2022 11:30:53 GMT
etag: "632d98ed-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KptdGUCuCCmXa1KjnXFLwICikpeB4LF06kCWNd3GgnHIEtlLVd95oacKKsQ6VjOUVsvtPPOtWXYQNNhOSUVy1g%2FPOxwvq5VHLPq7Zj8PpQay2MWMg0RSS4JqvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e99b505-OSL
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/airtable.png | 104.26.6.145 | 200 OK | 7.9 kB |
URL HTTP/2file.forms.app/sitefile/airtable.png IP104.26.6.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hash19a7c2326b69967597ddb56daf8193cd b776238182c40619a030193004ed72a5cfb353f0 2717fab977ab9f4874181cdc47f0288934a86b0bca62101cff17d230ad85b421
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efHL%2FUO%2BAgcN7a7VjzMV3WB%2FuxhLuhXT%2FMH4DEKOzAhhDbqDyU5l4hdkRTHZa0GCo%2FxiSrooamaWyZ2nNKHzluj8G%2BMquF4n2w2lSHlZ7BI%2F5z3lBGBJLM9%2FicuN4G9I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e95b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/iconfont/iconfont.woff | 104.26.6.145 | 200 OK | 18 kB |
URL HTTP/2forms.app/assets/iconfont/iconfont.woff IP104.26.6.145:0
File typeWeb Open Font Format, TrueType, length 18416, version 1.0\012- data Hash64f7aa12b6b4451be569df62604435a5 45ce2923a9a7c71988b1528c07379233bae693dc 552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42
GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
etag: "632d9889-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lg4imIKy5NUA%2B57%2F0o7XqG0%2Bx62MEOqlodrRSgC58Us6BN9%2F1v9uzi7sV%2F%2F3B1OTooMhcf5HAPGPOuhcHoD4y6o4%2FHUcpSe%2FXs173E7wuapHGIiIsjxaEwlDdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c7eb8b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/logo-home.svg | 104.26.6.145 | 200 OK | 8.9 kB |
URL HTTP/2forms.app/assets/img/logo-home.svg IP104.26.6.145:0
File typeSVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text Hash0a5ffc1eac29a89d577e9798793e3cef faf85bc1131657a542591211ceebc06e71e5d8f0 45b3d1d6b4f8116c81f9843241070adf0e4467e56fecfa153f2b9fbb81ccba94
GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
vary: Accept-Encoding
etag: W/"632d991d-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8hoSlZOpEWaKyMxVr%2BhEYXw70SdHnmsB1FEtG1gDgv5E%2BUejgrWZVC14liQ3WVmLzVB%2Bix6%2BUa3VcV0fXb4DEE5eKRYp1bUI8w8Y7g3DpkDOfAwI8IuIG740w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c0e7eb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/templates-resources.svg | 104.26.6.145 | 200 OK | 16 kB |
URL HTTP/2forms.app/assets/img/templates-resources.svg IP104.26.6.145:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (690) Hashc0fc51f588e13af4948f5f7502b3c974 9c8bb2e2b02d341bacb9f49de8656e44d7c11396 e66c30e937b6f24e9205f11c0bbaa875b0f8fbf1c4e42051e13d6f720757f7ae
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:30:03 GMT
vary: Accept-Encoding
etag: W/"632d98bb-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKOnzZWqcAZNephPEHv2iwwu24YaiB%2Fm0jhDQx%2FbXt%2BNU4NgUNRFmiorDqo4SB5E7%2FV7oym0QcfQLKGOHjqDezaAsVbw%2Br%2BfbDSOEKUpOAxQDItPF4kFr2rJww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e98b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/help-resources.svg | 104.26.6.145 | 200 OK | 4.6 kB |
URL HTTP/2forms.app/assets/img/help-resources.svg IP104.26.6.145:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (757) Hashfeccdecc8e7cb73f8ad5835ae26f7f62 9553e5ba32d1a01400b390b7a8a665e6c0f3cf33 8adb2c7801b4d1cec663f8aabd3a9761fc57dff238414babe31a8e46d81ee481
GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:29:13 GMT
vary: Accept-Encoding
etag: W/"632d9889-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtWIPf%2BqDI2m3sVUIO%2BtG6ZnflEWjvewxuRcRh4S3281g1TOgSN6IxGXIJQvO0mn1gnHbnHnvwK12yGq1gx1pZkOaWeyK4yZ4wkI8gAEGnaVsCSj7EDuJYa7RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e97b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/wordpress.png | 104.26.6.145 | 200 OK | 18 kB |
URL HTTP/2file.forms.app/sitefile/wordpress.png IP104.26.6.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hashdb3305932968c56bb4944ba5f0ddcc7d 0ef08070ec13482db9e1e72cb0b0b87f46bc72ab ed84ebce2850ed53ccdf60823c97d9956900c5ccaa1ee4c9a08309dc173610d9
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S8drkBdxjwxLIx%2BpgfuCiL0IKtZOUCwrx9uoFq3s4HgDMQmXZPmh7%2BE0IYpEhQ50oO6OngeE1iJe3jt7y0VIYqvv%2Fr2AuAmHV019XUrncv4qX1bt5Yf6cQpOYkXI37AF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e92b505-OSL
X-Firefox-Spdy: h2
|
|
| bat.bing.com/bat.js | 13.107.21.200 | 200 OK | 11 kB |
IP13.107.21.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
File typeUnicode text, UTF-8 text, with very long lines (38826), with no line terminators Hash293ae3e0fc8b0d5c143fdf9d8490228d 3976c659b908e70818a3a1ac71860b497fe2d1a9 04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=2CA4018274CB63CD134213AE753E62D1; domain=.bing.com; expires=Sun, 22-Oct-2023 01:42:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FB7701F5E73840F0BE49BF857B381CD2 Ref B: OSL30EDGE0521 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash17b745b5d3e387127df4aba170081743 e59dc2fcbab312428ac919358c3f8afe301e723b 94b6219f1fdabe19021204226c005ab3f82f148cbfabd240a999f18267895bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.google-analytics.com/analytics.js | 142.250.74.174 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.174:0
File typeASCII text, with very long lines (1325) Hashcae538dcce82598fbe43c0bf443e62dd cc68ac6be9c5e0087a0000e5735b83270ace30f5 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Tue, 27 Sep 2022 00:41:09 GMT
expires: Tue, 27 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 3695
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| connect.facebook.net/en_US/fbevents.js | 157.240.200.14 | 200 OK | 27 kB |
URL HTTP/2connect.facebook.net/en_US/fbevents.js IP157.240.200.14:0
File typeASCII text, with very long lines (64348) Hashe1327a02d76346c7e23d114e4e508b30 195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3 331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: ICUGTYZjbRlJKEbOSRVm2S99LVpk4i1BEL8BiO/0xHGy9jCe7qRzBZfKgfrEkd/Txy59LBxWiG/Qs6i79LeJ0Q==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Tue, 27 Sep 2022 01:42:44 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash4538701cf9bc34d908f50370beb922f4 df141b9c3ec626ecaba7c1899073a48b811c4113 61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashcf99681f6f1d6e00e0abca7033eb6219 73261f7daa90ce6fd7a81b10ed7bd762200c3f28 3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1138
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Last-Modified: Tue, 27 Sep 2022 01:23:46 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
|
|
| forms.app/static/icons/apple-touch-icon.png?v=1 | 104.26.6.145 | 200 OK | 5.7 kB |
URL HTTP/2forms.app/static/icons/apple-touch-icon.png?v=1 IP104.26.6.145:0
File typePNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data Hashc43b1e0fe485cb53c3fd9330372b51c3 a0901719a49fee671cffea18381c0eb187a66f88 e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000
GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 26 Sep 2022 09:06:07 GMT
etag: "63316b7f-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ht9qCyoScDXRsqb2oyfxS2VC9PfFDmN8VuoIkfK7NVt20RV0ulc8DOxbjAc0b3bAreqszEnQFfniC17%2BXSjgj%2FVgBS%2FuzEEJm8L6Cxm52oFRQaEoEwUyl3L7NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5f2fb8b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/static/icons/favicon-16x16.png?v=1 | 104.26.6.145 | 200 OK | 916 B |
URL HTTP/2forms.app/static/icons/favicon-16x16.png?v=1 IP104.26.6.145:0
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data Hash7b4d7d6e0968fe900568920543a5876e c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056 2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 26 Sep 2022 09:05:26 GMT
etag: "63316b56-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOy9tRPyezA9NeZachIZCXYBXFF5dR2mHjteq12u5jipkwzXoWAhh0v%2FFvfQQ38f%2FH9763ZOYvJhHTBNj2RL2CiE7xTUErJLoCFTDaBNIsxD2rxtOcxbbuPsmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5f2fb9b505-OSL
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash5a6097201b7da81f6e9a6d99a7353a0c d4240fe80c76013b9f7b6fd09963aa47151b8d6a 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2413
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Tue, 27 Sep 2022 01:42:44 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash5a6097201b7da81f6e9a6d99a7353a0c d4240fe80c76013b9f7b6fd09963aa47151b8d6a 519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2413
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Tue, 27 Sep 2022 01:42:44 GMT
Connection: keep-alive
|
|
| file.forms.app/sitefile/slack.png | 104.26.6.145 | 200 OK | 6.9 kB |
URL HTTP/2file.forms.app/sitefile/slack.png IP104.26.6.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hash447eaa088a2dadb4aad0b1baa5d1acc1 9a5828f42e905a0a894ffec38ff616bab8bdbdc1 5492166bb2d0997a6f8fcd3341b6b89dd2fcd1f9e9d7eea26d2aaf9c506376e6
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= slack.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nY2%2BLm2q%2BmHv9mVTv9YMNR2E%2BWIMDKfQTwipKCkdj0Yq0P5toCs0iK3555K%2F5JhwkLlUyLOsXz3p4NMmjIWTb%2FI%2FUtB%2BSPPYNMo1GteL3SQnAzG6JUxmiAJmHFvOHfEV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e86b505-OSL
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg | 34.120.237.76 | 200 OK | 9.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashdeb8d1e3b6d7fbc8c8ba478269621676 84f5a4c8b38acde814bc790e5b514347718d5bb9 ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 14617
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| accounts.google.com/gsi/client | 216.58.207.237 | 200 OK | 82 kB |
URL HTTP/2accounts.google.com/gsi/client IP216.58.207.237:0
Hash6c470aed687927ed4c4098f25902c626 d13f7faac02125b077c7d5c0e601658d7fb2d8bb bc9295a8ed35911cf41a6ee78eaf87a4486387aa136564817ba549c1c87c394a
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Tue, 27 Sep 2022 01:42:44 GMT
date: Tue, 27 Sep 2022 01:42:44 GMT
cache-control: private, max-age=1800
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-_eYLhPONofowIQyfhm9isA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fda34e4-86f9-4fb4-94af-575d6201fccb.jpeg | 34.120.237.76 | 200 OK | 5.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fda34e4-86f9-4fb4-94af-575d6201fccb.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashe6c9691e104001fe54d3c6273b7b8596 481ec2135ca0a96484c36cced30776c871aedf8f f9e5e087d8b6e9b357c9f93b00c5919d89d90ac9b48d2dcd1ac72bf775a5cf49
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fda34e4-86f9-4fb4-94af-575d6201fccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5383
x-amzn-requestid: d7b677b7-25f9-4197-a664-ec68b0dfedfe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y8ydSEuLoAMF6PA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e9788-7b57acc9288de40d252766a5;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 05:37:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: iTzA2XJ0QFByhrYBer4ULW96ZdCeXhceaxWEAvznURvaZadKQniVRg==
via: 1.1 0da9bec11a1bde5ca7f71b28194afd5a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 23:29:31 GMT
age: 7993
etag: "481ec2135ca0a96484c36cced30776c871aedf8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash5274e770cb5a704916c8965659709f4a 1a26007f761e439db575fb80fb403031260aecf4 e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 2157
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg | 34.120.237.76 | 200 OK | 7.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8ef8d9284ebd57a7cf76ceb762291356 2b53c4f836970501a682dae07235215c487d35cc 3529ab97ab2214ee9c67ee234beac96cd40f0bd6092b92b71c60956ed5710b41
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7716
x-amzn-requestid: 1cf0b1c7-4611-40bf-b72a-412ebd03ef79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2KguFL7IAMFzKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf137-2b7c15d3071e0266586fd17d;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 05:23:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eE2AvjvM7j07Go69VVEmTF8Q-KA5bZwOBdn_SgR5fcZj8lL760_q2Q==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:57:22 GMT
age: 27922
etag: "2b53c4f836970501a682dae07235215c487d35cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=67a603cd-2fc4-41fe-8982-f1289a561fd4&sid=ad7bbc803e0511ed992da3a66c5353c2&vid=ad7c07203e0511ed94aca95408779a7e&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=530&pt=1664242961568,,,,,0,0,0,0,0,0,40,230,231,235,526,529,530,,,&pn=0,0&evt=pageLoad&sv=1&rn=550560 | 13.107.21.200 | 204 No Content | 0 B |
URL HTTP/2 bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=67a603cd-2fc4-41fe-8982-f1289a561fd4&sid=ad7bbc803e0511ed992da3a66c5353c2&vid=ad7c07203e0511ed94aca95408779a7e&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=530&pt=1664242961568,,,,,0,0,0,0,0,0,40,230,231,235,526,529,530,,,&pn=0,0&evt=pageLoad&sv=1&rn=550560 IP 13.107.21.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of an empty body; the response is 0 B)
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=67a603cd-2fc4-41fe-8982-f1289a561fd4&sid=ad7bbc803e0511ed992da3a66c5353c2&vid=ad7c07203e0511ed94aca95408779a7e&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=530&pt=1664242961568,,,,,0,0,0,0,0,0,40,230,231,235,526,529,530,,,&pn=0,0&evt=pageLoad&sv=1&rn=550560 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=08869B8CA4B06C293B3B89A0A5456DEA; domain=.bing.com; expires=Sun, 22-Oct-2023 01:42:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 674AF5444E9A46128A8AA89B54EFFB65 Ref B: OSL30EDGE0521 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg | 34.120.237.76 | 200 OK | 8.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashfa70ece15044b7318cb11ae5e37a64e7 04a0665f771562c3e56ac3542abe5bd3c4c1a6b5 8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: X-6P09-hgjmDFe4Y7P1KnXtJAuvJNen8XsBVIexf521SOxMivJ4t7A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:53:33 GMT
age: 28151
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664242962400&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2420034047&sess_cookie=623a93611837c9c4fde0edca27a&sess_cookie_flag=1&user_cookie=623a93611837c9c4fde0edca27a&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US | 54.230.111.59 | 200 OK | 43 B |
URL HTTP/1.1certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664242962400&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2420034047&sess_cookie=623a93611837c9c4fde0edca27a&sess_cookie_flag=1&user_cookie=623a93611837c9c4fde0edca27a&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US IP54.230.111.59:0
File typeGIF image data, version 89a, 1 x 1\012- data Hash221d8352905f2c38b3cb2bd191d630b0 d804b495cb9b84b9007a25b5d85f9ae674004cde 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1664242962400&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2420034047&sess_cookie=623a93611837c9c4fde0edca27a&sess_cookie_flag=1&user_cookie=623a93611837c9c4fde0edca27a&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 26 Sep 2022 02:09:43 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: C0CcvIMdPi6EB83rkKp8ZH_CGkc8Qo4yKm0Y4VOgARyq4PKbK9nyfw==
Age: 84782
|
|
| file.forms.app/sitefile/Google%20Analytics.png | 104.26.6.145 | 200 OK | 2.6 kB |
URL HTTP/2file.forms.app/sitefile/Google%20Analytics.png IP104.26.6.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hasha904a894bbe8e5135275d666b481dd63 69ce7c76e2854c67766a7983963c0bd6529521ea e3b65e4a4b6ddb93c7c4f6a6a73779c3fb886e92083a3e573ef3c0ea2e99e721
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQjE3NSwBQimIq9dnZlmXZyH0zHuvkPlGAe%2BTAYGxN8pnEBF92IhKKLkyvLeyveLTxh01kU95V5HjQmu5ENOaOImNXkdY9JFw%2FtXlc2plhypE694omupX46Jow63q0fZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e8ab505-OSL
X-Firefox-Spdy: h2
|
|
| googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4 | 142.250.74.98 | 200 OK | 1.0 kB |
URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.98:0
File type ASCII text, with very long lines (2304), with no line terminators Hash 83b1ad371ffaa17bb924cbdc6ac15440 eda2958f45ea3e2b5ec8015dbd7cb759c34d5044 89fa49183cdbeccd08e3d0a45b59deb5c17a081ebfdf4a5be3dbc69b1ee059df
GET /pagead/viewthroughconversion/587928374/?random=1664242962406&cv=9&fst=1664242962406&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=1107141774.1664242961&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1038
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 27-Sep-2022 01:57:44 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&gjid=2016327782&_gid=736706781.1664242962&_u=aCDAgEAjAAAAAE~&z=872543510 | 64.233.162.155 | 200 OK | 4 B |
URL HTTP/2stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&gjid=2016327782&_gid=736706781.1664242962&_u=aCDAgEAjAAAAAE~&z=872543510 IP64.233.162.155:0
File typeASCII text, with no line terminators Hash48c0473b7821185d937e685216e2168b 3743e47f8a429a5e87b86cb582d78940733d9d2e 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&gjid=2016327782&_gid=736706781.1664242962&_u=aCDAgEAjAAAAAE~&z=872543510 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| bat.bing.com/p/action/137024713.js | 13.107.21.200 | 204 No Content | 0 B |
URL HTTP/2bat.bing.com/p/action/137024713.js IP13.107.21.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=17AF31E19F8560B319EC23CD9E706126; domain=.bing.com; expires=Sun, 22-Oct-2023 01:42:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ACF0495D73264B2B86FC7C13CD856BC4 Ref B: OSL30EDGE0521 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash002d49bafbcc428a44fe523322ad9e05 b39aad0d1e941121f28af8f9b6d76f19216800d5 59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.158 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.158:0
Hashdd1b035c29153e244b824c2531813c07 4a99099c174fe9e15bb47c10b3ed9bd2f10974ce ac9ebda5ece2922d8706b6227551b880808bf3f2272a2e6441dcf57c3d76af5b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 01:42:44 GMT
Last-Modified: Tue, 27 Sep 2022 00:41:32 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HQI4Fwc5V3XwzbFt8kLiBo_J7BOGQBMeVvC7zXI3KEI3tFUp-PNgog==
Age: 3673
|
|
| px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing | 13.107.42.14 | 302 Found | 0 B |
URL HTTP/2px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing IP13.107.42.14:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJDzTdfTR_pjwAAAYN8nFjpnX5s5ljW-7VhjtzFoOdPzvHWgiFHP9-eD0cPTKJLYM-wUliYVwqNlA; Max-Age=2592000; Expires=Thu, 27 Oct 2022 01:42:44 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: AnalyticsSyncHistory=AQKabADcgplLWwAAAYN8nFjpGCUPdnjYEQXI22Wh2el2wn9tgkUYm77NKayhm8T27rWHMmZggQesyI_CF1IqDw; Max-Age=2592000; Expires=Thu, 27 Oct 2022 01:42:44 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
set-cookie: bcookie="v=2&13ec2867-2bef-4d91-887c-d64c94e7ec5d"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 27-Sep-2023 01:42:44 GMT; SameSite=None
set-cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2350:u=1:x=1:i=1664242964:t=1664329364:v=2:sig=AQFUd0zab7kmNgY5XD4bkyIQRIr587c-"; Expires=Wed, 28 Sep 2022 01:42:44 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXpnsK7KzSibXmSbXqXKA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 2C450563078743E58FA22AEB2607C524 Ref B: OSL30EDGE0215 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png | 3.15.76.72 | 204 No Content | 0 B |
URL HTTP/2redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png IP3.15.76.72:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 27 Sep 2022 01:42:44 GMT
server: Server
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash95f95fee6e94fb192e7c06459e3e3f8e 025638b85afcc833cd592c98cc941dd011d2526f dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash95f95fee6e94fb192e7c06459e3e3f8e 025638b85afcc833cd592c98cc941dd011d2526f dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&_u=aCDAgEAjAAAAAE~&z=15366104 | 142.250.74.3 | 200 OK | 42 B |
URL HTTP/2www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&_u=aCDAgEAjAAAAAE~&z=15366104 IP142.250.74.3:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-123158574-1&cid=2145851870.1664242961&jid=219101582&_u=aCDAgEAjAAAAAE~&z=15366104 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.google.no/pagead/1p-user-list/587928374/?random=1664242962406&cv=9&fst=1664240400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3514025893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y | 142.250.74.3 | 200 OK | 42 B |
URL HTTP/2 www.google.no/pagead/1p-user-list/587928374/?random=1664242962406&cv=9&fst=1664240400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3514025893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1664242962406&cv=9&fst=1664240400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3514025893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 01:42:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash95f95fee6e94fb192e7c06459e3e3f8e 025638b85afcc833cd592c98cc941dd011d2526f dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue | 13.107.42.14 | 302 Found | 0 B |
URL HTTP/2www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue IP13.107.42.14:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
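Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, matching the 0 B response; not usable as content indicators)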
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1664242962409%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&cc1012a3-4124-43e7-8710-e79363d072fd"; Domain=.linkedin.com; Expires=Wed, 27-Sep-2023 01:42:44 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220927014244f6d0b0bb-2b10-4c1f-8d4c-433d803e85d3AQHqd0TJ5gPdUtfSlyPloTC50dyaqUbN"; Domain=.www.linkedin.com; Expires=Wed, 27-Sep-2023 01:42:44 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjQyNDI5NjQ7MjswMjE8/twI4faeiLdfKJK4yrydmTHpneE2ZFqdbNyd/ahuhA==; Domain=.linkedin.com; Expires=Sun, 26 Mar 2023 01:42:44 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2392:u=1:x=1:i=1664242964:t=1664329364:v=2:sig=AQHiNRNJ4ZBOGebuPzacILAmdLqHYajw"; Expires=Wed, 28 Sep 2022 01:42:44 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXpnsK+WZoTOjYH8BZi2A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 242F885A21104859883E2A17FA6F3A84 Ref B: OSL30EDGE0215 Ref C: 2022-09-27T01:42:44Z
date: Tue, 27 Sep 2022 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664242963090&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664242963089.1421148929&it=1664242962475&coo=false&tm=1&rqm=GET | 157.240.200.35 | 200 OK | 0 B |
URL HTTP/2www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664242963090&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664242963089.1421148929&it=1664242962475&coo=false&tm=1&rqm=GET IP157.240.200.35:0
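Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, matching the 0 B response; not usable as content indicators)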
GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1664242963090&sw=1280&sh=1024&v=2.9.84&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1664242963089.1421148929&it=1664242962475&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Tue, 27 Sep 2022 01:42:45 GMT
X-Firefox-Spdy: h2
|
|
| px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true | 13.107.42.14 | 200 OK | 0 B |
URL HTTP/2px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true IP13.107.42.14:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
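Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, matching the 0 B response; not usable as content indicators)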
GET /collect?v=2&fmt=js&pid=3845852&time=1664242962409&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&374cd96b-7d76-4a82-86f8-24478d5551b1"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 27-Sep-2023 01:42:45 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2396:u=1:x=1:i=1664242965:t=1664329365:v=2:sig=AQG-J9Nf9MTEKl6r1L2FrSwsNab0-X7p"; Expires=Wed, 28 Sep 2022 01:42:45 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXpnsLApMwTu3Hfx5o9KQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: EC6C887731A741119898C5C009D5AA7C Ref B: OSL30EDGE0215 Ref C: 2022-09-27T01:42:45Z
date: Tue, 27 Sep 2022 01:42:44 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| js-agent.newrelic.com/nr-spa-1216.min.js | 151.101.86.137 | 200 OK | 18 kB |
URL HTTP/2js-agent.newrelic.com/nr-spa-1216.min.js IP151.101.86.137:0
File typeASCII text, with very long lines (32010) Hash6561a2403142205f966207d61576f1a6 1310e72f494e12ab63a4280fc1600a2c89dc9bb8 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Sep 2022 01:42:45 GMT
via: 1.1 varnish
x-served-by: cache-bma1660-BMA
x-cache: HIT
x-cache-hits: 746
x-timer: S1664242965.177834,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
|
|
| widget.intercom.io/widget/tt7hkkgs | 54.230.111.95 | 302 Found | 0 B |
URL HTTP/2widget.intercom.io/widget/tt7hkkgs IP54.230.111.95:0
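Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, matching the 0 B response; not usable as content indicators)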
GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 20 Sep 2022 08:31:36 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kgORVyT2r_ZrS4fCnA7np9KrwMMvYKGwZoZ5osMxGV8Oy1dhcLgQNg==
age: 580270
X-Firefox-Spdy: h2
|
|
| js.intercomcdn.com/shim.latest.js | 54.230.111.118 | 200 OK | 6.2 kB |
URL HTTP/2js.intercomcdn.com/shim.latest.js IP54.230.111.118:0
File typeUnicode text, UTF-8 text, with very long lines (18920), with no line terminators Hashe2231e13a844ee9948b851398e4a332b a853ae750b305648e21287431acd0359fd4e21a7 fe7307ed40c11fe2302c35c6ada60403ff113b9ab8895d5405ce8aff51edcec5
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6172
last-modified: Mon, 26 Sep 2022 16:31:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: M9sZAK_ccaxj9duwncDe_tarU7a3gHh8
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 01:42:10 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "e2231e13a844ee9948b851398e4a332b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TiCghb-P9qCOMbmIiRgLKQwr8izZ1n1-W-hkMyjpDprpqZaDjXGYCg==
age: 100
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/excel%20copy.png | 104.26.6.145 | 200 OK | 137 kB |
URL HTTP/2file.forms.app/sitefile/excel%20copy.png IP104.26.6.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Size137 kB (136622 bytes) Hash7cce04e14194cbac73f68f3a4b88f7f7 61dc140cf269502a9381b7057070d492bc9f0731 869bffa1b91d2bc4129747c9c4a8d5b14dcebb4219cdefc380fbb7fa256340ac
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2ahQ1whH8g3Pgz2rNtrsVDKjf9n%2FLb4xckATM6eI7A9rgXhDRUddlVhuKcYQ26L%2BfsAYyKj8NzQOiNtIOQ79rt0D94gWS9XpAtQEu7QbXTbDERi8jfV2eG1rWyKSe0w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e8cb505-OSL
X-Firefox-Spdy: h2
|
|
| js.intercomcdn.com/vendor.3a7c9847.js | 54.230.111.118 | 200 OK | 103 kB |
URL HTTP/2js.intercomcdn.com/vendor.3a7c9847.js IP54.230.111.118:0
File typeUnicode text, UTF-8 text, with very long lines (65431) Size103 kB (103170 bytes) Hash236abcc2b025cf06189a7c7054810042 eed74c964840f9c331e99db697c40b380658c863 39be98bc32ac117662b3cd7daad27cf6142b969c0bd86f9ded6f46bfe1ee0aa5
GET /vendor.3a7c9847.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103170
last-modified: Mon, 26 Sep 2022 14:34:45 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: VWZDkvQ18j.5VVKia4ApjxxnQXjOWxkL
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 00:36:07 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "236abcc2b025cf06189a7c7054810042"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -CCZ0dDirrD20xGxnoQKNzQ1bBIz5yh2WkdnxRSyHDTmwAOfNO-EWg==
age: 3999
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashe5f770fe55857bcd52c8646fb42f36fe a49a52682f711ef23af9ff3f9dd7770bdc05e78f ffb3c38039a7d48fed1aa91ba8fe5793a779496ecfad2802d0f84cfcb2eb7ba3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4630
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 01:42:45 GMT
Last-Modified: Tue, 27 Sep 2022 00:25:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
|
|
| bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken | 185.221.85.3 | 200 OK | 73 B |
URL HTTP/1.1bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken IP185.221.85.3:0 ASN#206998 New Relic International Limited
File typeASCII text, with no line terminators Hash814f8120cdf5a972bdb0fd5521a92a5d 47f7b3cd340d1fe91766ff27602e319a79bcd14c 5f520e553ae6a634e84b7c8c8d36908d2efa441d716834fd98c012c402b1c3c8
GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1653&ck=1&ref=https://forms.app/phishing&be=262&fe=1588&dc=529&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664242961568,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:40,%22rp%22:230,%22rpe%22:231,%22dl%22:235,%22di%22:526,%22ds%22:529,%22de%22:530,%22dc%22:1587,%22l%22:1587,%22le%22:1596%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 01:42:45 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75108b652dba98f4-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=aa1df60b5bfbbdd6; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5W%2BjmIKt9IWuB32HPaWVZeTvOEAjc9kTcpeI5R%2FVCdlFHVK1hZAhIt1gk94mkjiGvTtHUEtUoQhivNgrLnINoUyZhN3%2FoGcSSv2vhgHNQJMZtHRPe6%2BEvL93E796GCItAo%2BrGVK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
|
|
| bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1886&ck=1&ref=https://forms.app/phishing&st=1664242961568 | 185.221.85.3 | 200 OK | 36 B |
URL HTTP/1.1bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1886&ck=1&ref=https://forms.app/phishing&st=1664242961568 IP185.221.85.3:0 ASN#206998 New Relic International Limited
File typeASCII text, with no line terminators Hash0d8d15935a6f500cd86d99adcda8a7e4 6d1895be387c8665bf78450eb2c6b1d0f895c75d 1c9d746c3dc061ef3933f6fbf3231c8115b97dfec4dc294663268e9a7353699c
POST /resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1886&ck=1&ref=https://forms.app/phishing&st=1664242961568 HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1133
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 01:42:45 GMT
Content-Type: text/plain
Content-Length: 36
Connection: keep-alive
CF-Ray: 75108b660e1998f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP%2FPBPtOm9k4srIdyaQbM%2FXOYPG1G3hxuREhSzQDLormARmxfjSXNh8DVwcI7kNWUVFf49QlGc0WQxL9M%2BP%2B3A9hHvvPK64mooah%2BWWoQn526HruhS4UUP29wlIcC9GrybeKqz8l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
|
|
| bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2599&ck=1&ref=https://forms.app/phishing&ptid=a6493045-0001-b053-71db-01837c9c5bf2 | 185.221.85.3 | 200 OK | 24 B |
URL HTTP/1.1bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2599&ck=1&ref=https://forms.app/phishing&ptid=a6493045-0001-b053-71db-01837c9c5bf2 IP185.221.85.3:0 ASN#206998 New Relic International Limited
File typeGIF image data, version 89a, 1 x 1\012- data Hashbc32ed98d624acb4008f986349a20d26 2d3df8c11d2168ce2c27e0937421d11d85016361 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2599&ck=1&ref=https://forms.app/phishing&ptid=a6493045-0001-b053-71db-01837c9c5bf2 HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 347
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 01:42:46 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 75108b6a7ff998f4-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHk5u2aIKVuOk1Z9vhyi%2B7%2F3%2BGDEAMocjPb4bMTqk9hULtZbr0LSxq2D7LsiQLcAJyx36GPjyAPAOpHdv5dGPsQqDu0S%2B2dspTRb4bAjvwzRDUa6nlPfwI%2FJIHExzI10gTPlDPdT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
|
|
| forms.app/assets/img/formsapp-logo.png | 104.26.6.145 | 200 OK | 3.5 kB |
URL HTTP/2forms.app/assets/img/formsapp-logo.png IP104.26.6.145:0
File typePNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data Hasha77f4c80bac841f7d3d2aa02372b8861 840d40fc6bdfbddff8e5d917ef5b669d8c4543a2 84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 3548
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
etag: "632d981e-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gb754WXkpHrGQ7O36gZUtyBLeOSpTlZUcU1jMY4rDyClhRuzI85gLqHUJHLRVp4KM2t5zUy3EizgSpQ8wM7JpHsZqhL39LoBB8VCMOCDWH70ipa2w0BYPaMGFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6b6d8db505-OSL
X-Firefox-Spdy: h2
|
|
| nexus-websocket-a.intercom.io/pubsub/5-LReox-hOoUWE9JfwukxD0EKE0SAduFs1gfOxIOqSJALr6kNWP8pwmi83H6zg1b_F1_rjpdfqYF4L_9UmRPWfrKZX1Z7s1Zdz2Hui?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined | 35.174.127.31 | 101 Switching Protocols | 0 B |
URL HTTP/1.1nexus-websocket-a.intercom.io/pubsub/5-LReox-hOoUWE9JfwukxD0EKE0SAduFs1gfOxIOqSJALr6kNWP8pwmi83H6zg1b_F1_rjpdfqYF4L_9UmRPWfrKZX1Z7s1Zdz2Hui?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined IP35.174.127.31:0
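Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body, matching the 0 B response; not usable as content indicators)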
GET /pubsub/5-LReox-hOoUWE9JfwukxD0EKE0SAduFs1gfOxIOqSJALr6kNWP8pwmi83H6zg1b_F1_rjpdfqYF4L_9UmRPWfrKZX1Z7s1Zdz2Hui?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ei/ES2aRBqKyA3GQi07Euw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 27 Sep 2022 01:42:46 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: L4AnfuyY6GjYT+wN2XaFX1oBIEQ=
|
|
| forms.app/assets/img/google-play-logo.png | 104.26.6.145 | 200 OK | 7.6 kB |
URL HTTP/2forms.app/assets/img/google-play-logo.png IP104.26.6.145:0
File typePNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data Hashb30b4bd0775acd1e172ed059d1151d4d 70d96852cfae2fdc113342e3bf46cc4ebe706815 cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b
GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 7621
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wy2lvML2%2FhGznln5CoBtefYEIh0%2FmrRtyIa9mNUncVBDE56KhMBEhjAUJjpx9HDm6%2FT2Bq3o4PpgQ8csHEQlnqy0WxTh8jfJP01%2FzuQLM%2BS9bQrsg5g151PtUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6cee82b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/huawei-app.png | 104.26.6.145 | 200 OK | 7.4 kB |
URL HTTP/2forms.app/assets/img/huawei-app.png IP104.26.6.145:0
File typePNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data Hash86c2e696aa2528b2cb3589897ba4bfb7 598e89de6512720a92e4e94a538e2eb64d746229 eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6
GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 7360
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVtGmOV7isq574JZBol6ztAnxZBNQk9ZzUj2WFf%2Fz8ll3xfMjxebE5hSVeLBLsv7ZzXDDNa1Unf2uTMFlVjyySVzTt%2FwCRa27NWWjYnoCOvINCJ3ZGF6A5DdkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6cee83b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/app-store-logo.png | 104.26.6.145 | 200 OK | 7.6 kB |
URL HTTP/2forms.app/assets/img/app-store-logo.png IP104.26.6.145:0
File typePNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data Hash02b87ac5a0d67d23008ed83695705c23 1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5 a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736
GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: image/png
content-length: 7634
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
etag: "632d991d-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5PW%2Fs2A6IbQQfrkn%2BylubTdE5Zr6Hmn1aGvW6E7DOQa%2FCvAY8WkmkpKSOiMvPO5pK2tWNvYPd4p3889YOiG%2FYxTfrshL0MQQ9hq1J8s%2FLQeIglfE%2BzyGy1fSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b6dcf01b505-OSL
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/WhatsApp.png | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2file.forms.app/sitefile/WhatsApp.png IP104.26.6.145:0
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnMfuaID32X7vkHQ4fvWC7RJSDsfmZZRTMIQB2zPNUe%2BdcGk2exgqYaAWb16PGx4vqNFXfaWntLI1R9ULLnGMZWFrCjJf5Oi4%2BDysc%2FCR0iaRVAHJllZLV071H%2BZoPQF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e8bb505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/cdn-cgi/rum? | 104.26.6.145 | 200 OK | 0 B |
IP: 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242968.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929; intercom-id-tt7hkkgs=9f338485-81c7-47c1-a105-0bb45ac28211; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:50 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75108b880a6fb505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/asyncstyles.4869d.css | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/css/asyncstyles.4869d.css IP: 104.26.6.145:0
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:54 GMT
vary: Accept-Encoding
etag: W/"63316b72-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BInl4ddISW33pwMRgxGfAzgp35D09AkCjmqiJexyVTgJBQ9qn9vP8b80eqPP4aV6fvD9%2BVo3cEGq1vUvfc0VPihdYuOJH82a00aYOhHGkyrfonr9HfyfQxzP5OEWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db81b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css IP: 104.26.6.145:0
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:45 GMT
vary: Accept-Encoding
etag: W/"63316b69-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=divwHSFHbvU156M2%2FCet3X7RWEJXhMDUFwtyPGCCrVPccTb9ERx3cTpvW4UuiwjVw%2FO9QtH%2Bik1jY4B4Jw5w7V5LckJsgndG8OHY6OMe2OqXy7vRwM6zpC4DiKoPEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b572c0cb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/iicon.8278c.css | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/css/iicon.8278c.css IP: 104.26.6.145:0
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:37 GMT
vary: Accept-Encoding
etag: W/"63316b61-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEI7FvApgE46YzXr4WI1wi9lZaN%2FkIJwwpBwFI5xAyrQa7zUCn1mJHJcDu7oGTnIfZG%2BhX%2F0YORVxU8LbDpremKK20x1MXYvfjcARXsSFv%2BrHKx3ss0DonuSFDcqjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db83b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/asyncstyles.7792f.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/asyncstyles.7792f.js IP: 104.26.6.145:0
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:39 GMT
vary: Accept-Encoding
etag: W/"63316b63-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wxp35UUFmipQ0yAWeCZn8pdCcLExXRSBSiBayF%2BKu32J9wVnkiPjm9R51YQHa%2BNfVrPI0VbJFZcps1qmbpyJXhDmp4VJvv%2B6A7SFFzQ236qANi%2FcIC6HktWP0XOX7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db85b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/sheets.png | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 file.forms.app/sitefile/sheets.png IP: 104.26.6.145:0
GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= sheets.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SqErtWpMqGeudOMwh9%2Bldm6asiCJjbzQp8zngfaagzR4Zwn7eew5z%2BuNOh6qsSPhGjYPaDtpJ%2BsibdISsmKq53AmSuFklNbArtCSFHrFJCybezk2E6SEeR3Z%2BSyw6xOk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e88b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/blog-logo.svg | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 forms.app/assets/img/blog-logo.svg IP: 104.26.6.145:0
GET /assets/img/blog-logo.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:27:26 GMT
vary: Accept-Encoding
etag: W/"632d981e-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y1jUvEahrT%2FMwYE1P38UrfPQgOg6nyEsqVTvi4lZNY53i%2FNQv7Hlf%2Bgr4%2F2m6RoK9FgRc5jsEK5l%2Bcz5kbu3A4AKAZF9KRXme618N%2Fr8Tz959JJM1rTVduqrdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c0e7fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/blog-resources.svg | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 forms.app/assets/img/blog-resources.svg IP: 104.26.6.145:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Fri, 23 Sep 2022 11:31:41 GMT
vary: Accept-Encoding
etag: W/"632d991d-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNmwz29Wg6g26fVJpzoW81nlTIqquVWApKb7HXrGhbEKMiROrS5LuVMOWPGTkJ5mPD8eMaSbGD1qK4ByuzCEWUzubIf2lfR11FpquOBy23oFger8xdPizf%2FSqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e96b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/envelope.svg | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 forms.app/static/img/use/svg/envelope.svg IP: 104.26.6.145:0
GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:45 GMT
vary: Accept-Encoding
etag: W/"63316b69-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDD56jSo5IrDkbNrSlL7VifMqhXu7ZbfkjrBLQ2hKviTBxEbMROfovg%2F5UfCrLMr2tgpCBDcFhB3okPqejwi0OwxABQdynI2DRpnr2OhE3Npe9Bi32S8VpB%2FLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea3b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| api-iam.intercom.io/messenger/web/ping | 107.21.231.73 | 200 OK | 0 B |
URL: HTTP/2 api-iam.intercom.io/messenger/web/ping IP: 107.21.231.73:0
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:46 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1664242970
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: f1b66ebe901a16f4847bfe83adad5a98f91a22aa
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 000hh9egcgpgeq7f5le0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"eb9090fcb6f78ca0a78d05d9bc3be81d"
x-runtime: 0.331328
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0e4eed92dc7cf8528
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/facebook.svg | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 forms.app/static/img/use/svg/facebook.svg IP: 104.26.6.145:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:28 GMT
vary: Accept-Encoding
etag: W/"63316b58-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSLMU9yRgj3Uj6aCo5HRbV7AdVc58xRckK33Ax2REv3ss488mZZLqKC8NNhlPxdTeYxk2YuKf2ipT4aOTHY62mX9FBo2e7GEfH7VXZyk%2FF1Q8DojA9MSvNi42A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea0b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/runtime~app.bb81e.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/runtime~app.bb81e.js IP: 104.26.6.145:0
GET /static/js/runtime~app.bb81e.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:06:05 GMT
vary: Accept-Encoding
etag: W/"63316b7d-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvGr7hf72Nfs%2Fb1dxqYsSQDuIr4c9VREaoTiNWvzmcH8vC8AgLgOdAtpain40r8IcDcTnRFknIU75betJsmOyqVSl4VesP5GsuzjyrNyw62VW70hMrQC1G2PSJazgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db8ab505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js IP: 104.26.6.145:0
GET /static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:37 GMT
vary: Accept-Encoding
etag: W/"63316b61-512"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BZlnS%2BgRX%2BHXN5uAq%2FFqHanzxvFgkXMSMhg2mYDn1MJgYakgtgzonDxyQMKvlL2uPNIIwx4xKopAr5wKRkbpAbZWjz8AkEdlM6jn3smb4M9Z6TlvCMM2quoGQt79g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b575c26b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/phishing | 104.26.6.145 | 200 OK | 0 B |
IP: 104.26.6.145:0
Analyzer: fortinet | Verdict: Phishing | Alert: (empty)
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 11:29:03 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYNwjTZ1PsMQGk%2Bg%2BgXhtL%2FZ9FFR4IcUcaNLgj%2FZj3iy%2Bp%2BvzMvWXnxf4NVmsxG4MsG7FnP7fEDKyk9uIuzv%2B8WJq8eae7mvTe%2BVjg4sCmsVzguOgE%2BQ%2FR%2BVAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a6dd4b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/trello.png | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 file.forms.app/sitefile/trello.png IP: 104.26.6.145:0
GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= trello.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6zjs4qQRfnfYwnUvwau7EYuy6NblKwgRn%2Fqam6hH4u7r3ASU48Li9fgewJe00SneEyoEfUrlo7nJXqmcj5wZzF2%2F5WZV5MmvRNF5MoG27iq8TWYX4jHpAVz%2B8xybh5t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e89b505-OSL
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/dcomponents.15d95.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/dcomponents.15d95.js IP: 104.26.6.145:0
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:39 GMT
vary: Accept-Encoding
etag: W/"63316b63-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A00KJEpNFu8h4B1gZvpbP1DnP5rPRh1tVtPOlFML2lWbJ3ne4ThuWxY30Mub5M%2B2tJIYmtorddd8IrPVc7jYSRi4Z8alFxQWocIn4I8xX9XDbU4WKatzMZSVx8zYgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db86b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/swal.4f135.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/swal.4f135.js IP: 104.26.6.145:0
GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:21 GMT
vary: Accept-Encoding
etag: W/"63316b51-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KYg6ietT13pfUVGTQIzCPjC35lbJbaqL37R%2F7eXbyQE%2FMkvSXrNBgtAvBll3nyY%2F39nWP0Uj%2BqKyZP0MBI0%2FHQUNoIWE25B72vm%2BJMrI5RGFxWlB0BcgIV%2FiKkfntQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b571c05b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/mainheader.13de2.css | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/css/mainheader.13de2.css IP: 104.26.6.145:0
GET /static/css/mainheader.13de2.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:54 GMT
vary: Accept-Encoding
etag: W/"63316b72-19e0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtMUZr4YWf4ywPUKxQaTxA4n8GOuM82aMRwkyfvXVIeAeRL%2BxH4rk440OKLBNaScs1eFIh59%2B39WIi4OtI5lAnkGk5XN18qBvNc5TlzQ%2FUO1PXvtprGKZGvtmCZVUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b575c27b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/js/login.fb59ba75.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 forms.app/assets/js/login.fb59ba75.js IP: 104.26.6.145:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 11:28:23 GMT
vary: Accept-Encoding
etag: W/"632d9857-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnQlyynHtc3eb2KDkuuj%2FAgCQqf9S6Q32EUUj4zUsNL3nviJK0uMbDHuiIlodUioZmqAc2uiMinGqZJ3oxlDNAXcdD5KF83O9LFMBVjxh5LERVTl51ShJ0rPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea4b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/Notion.png | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 file.forms.app/sitefile/Notion.png IP: 104.26.6.145:0
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= Notion.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tL3ZNEbtDgX5Kyl1GvLTFYEaZBHKX%2BsoJHVjU8dejZGeeNMgiU9ytRPIAvJiE6eAUEwL%2Fl7b1tmRUgIUdIq8M%2FDT8oc75m4awE3eVb2riPmPEt4d9nhummmgX5AZdOPW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c2e94b505-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/cdn-cgi/rum? | 104.26.6.145 | 200 OK | 0 B |
IP: 104.26.6.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiMmYzYzUzY2NkYmU5YjRmYSIsInRyIjoiZGM4ODhjNjNmZWY2OGRkM2I4NzJjMGU2YzRiZGFkZDkiLCJ0aSI6MTY2NDI0Mjk2MzE3M319
traceparent: 00-dc888c63fef68dd3b872c0e6c4bdadd9-2f3c53ccdbe9b4fa-01
tracestate: 2885732@nr=0-1-2885732-286479549-2f3c53ccdbe9b4fa----1664242963173
content-type: application/json
Content-Length: 16775
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.1.1664242962.0.0.0; _ga=GA1.2.2145851870.1664242961; __asc=623a93611837c9c4fde0edca27a; __auc=623a93611837c9c4fde0edca27a; _gid=GA1.2.736706781.1664242962; _uetsid=ad7bbc803e0511ed992da3a66c5353c2; _uetvid=ad7c07203e0511ed94aca95408779a7e; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1664242963089.1421148929
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:45 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75108b6439b6b505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/app.cbc86.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/app.cbc86.js IP: 104.26.6.145:0
GET /static/js/app.cbc86.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:06:02 GMT
vary: Accept-Encoding
etag: W/"63316b7a-3f33c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLZ1eeBw8Z9fHsrr98VtxJC0q%2BYI5vUOHzUUOWJpFLjvs5WmbMgabY3JD5VkZZxf%2BIErYWCpi3Bf6A5HOI6Qb3%2FFdixX23HYswgsP87Ad%2BFOr2fEheqsyv0IrvGU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db84b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/mainheader.5f29b.js | 104.26.6.145 | 200 OK | 0 B |
URL: HTTP/2 my.forms.app/static/js/mainheader.5f29b.js IP: 104.26.6.145:0
GET /static/js/mainheader.5f29b.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:48 GMT
vary: Accept-Encoding
etag: W/"63316b6c-21ac"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q11EuP%2F1tXrT%2B%2BrKC89gKLySMyN4OoAYqq6zJA8Tv1prSzAk6u%2F6FtyFvNBWdKkGrPIwFe71%2FYt2ukLNyS2fqEnZFUALWu%2FuVHlM9smvioyjsNkpUNOFkSISIfNAtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b575c29b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/google.svg | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 forms.app/static/img/use/svg/google.svg IP 104.26.6.145:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:45 GMT
vary: Accept-Encoding
etag: W/"63316b69-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tQWpeYBOcw8gJP3T6T6fCVg58iqDaa%2FMkI34c4zaG9Dm4XCrP67KldFNydjNymjDjbjjN5ZHx7ZSlrhMvZaZK6P2L951isMMFzmfZ5q9p%2B5nrRLn2ZLMAi9iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4e9fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/apple.svg | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 forms.app/static/img/use/svg/apple.svg IP 104.26.6.145:0
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:06:01 GMT
vary: Accept-Encoding
etag: W/"63316b79-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuQuQMUUQZpJK5NcRuGtDYIAkupzIYMCB4Par00A2cdLLG1fmZZ6poz06L8lpDEl%2FMSnw0sOUmYLqcjX3SxYQOZCqLGcuGhu%2FafwBCTzWrUJEjk2ThPFbdTVjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c4ea1b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| api.forms.app/form/609890b8001f18095ac075fc/view | 104.26.6.145 | 403 Forbidden | 0 B |
URL HTTP/2 api.forms.app/form/609890b8001f18095ac075fc/view IP 104.26.6.145:0
GET /form/609890b8001f18095ac075fc/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 403 Forbidden
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfGV3b6XhPFPqtTdcs%2BMscpSlJo4GfF2wHCnP2vAxR%2FMDM8O6hD6VxbH6ctlWNjnbVUt1dvEtGUk8dB6b2w1YMi0S1irTN3dL5TOLaNqUdx8BDncWZ2Zq8Pe3HhH0qU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b599f10b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/app.bb6f5.css | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/css/app.bb6f5.css IP 104.26.6.145:0
GET /static/css/app.bb6f5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:37 GMT
vary: Accept-Encoding
etag: W/"63316b61-12356"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMPVi2nrVXPyJshxkRTZgq5mpVpH7KkF9gi3mdwJNFHruqj0lQG0P5rIqmvdzb4KZW8gyUagI%2FXscMJizV4BJ9VnC941HoJo0LJZ5TmyqdObqTLn1wrt01REyHuOqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55cb80b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/iicon.59ea2.js | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/js/iicon.59ea2.js IP 104.26.6.145:0
GET /static/js/iicon.59ea2.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:48 GMT
vary: Accept-Encoding
etag: W/"63316b6c-349e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rw3fNq5NI%2FdfYDGEzh9ofilc8xA0AmQKaGK9HToPhIhIRm1VOG%2FS1ih3x9fAt5YeQbEx3PoZd9FelzJEANI%2FdRZfy9YfqVlSrGD2Pn6cgybLRKvEF2M9KLK6mnMrQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55db88b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/country-en.83d29.js | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/js/country-en.83d29.js IP 104.26.6.145:0
GET /static/js/country-en.83d29.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:33 GMT
vary: Accept-Encoding
etag: W/"63316b5d-102a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qhdD8ASNlNM%2FMmLGNmKd3X2cnajRFhlk90DPAyB4Vt8wHan26UvMW8C9Sdfm5s%2Bkf8ohhft3PMU%2FiztW3TGZv14ZmvaL516ALcVF3ZDisVgdAMJ9r0cs%2Bknw4L%2FAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b56bbe1b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js IP 104.26.6.145:0
GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:23 GMT
vary: Accept-Encoding
etag: W/"63316b53-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qEL0%2Bn8yPCPOAknZYBVHQFgfZShfg7svuJc5Z2KAybGtXT5wnZXfydYipDh%2Fp8MWDiKhxWAGvOH7cf1YsDwnF0JAA%2BSr5%2BWFtpw%2FWHTh%2B4VcUZLdjR9%2F0wilyG%2F1GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b573c11b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/vendor.88295.css | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/css/vendor.88295.css IP 104.26.6.145:0
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 09:05:36 GMT
vary: Accept-Encoding
etag: W/"63316b60-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpY%2B%2BVZemISzKsC51MJbkrfn0q3%2FJR%2F57eeAepyaX5U2zF4F2A9g6BE1GEPLi7HkZAHr3Usa1fuKCBdaQ39Mqaext03DbZYzDRMYisFBx7aiXjADfJQGZO%2BjRRgyTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b55cb7fb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/icons.df638.js | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/js/icons.df638.js IP 104.26.6.145:0
GET /static/js/icons.df638.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:38 GMT
vary: Accept-Encoding
etag: W/"63316b62-3b710"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2qENKVDY4Ww3F7kWz8eyskB1a21Igv6lAmk5IP6rUe0i23ToR7SpwNnwWNTXflpf0UrJPT%2FHXSEub6IJ1qF8yPnL4GgfwnWxQ2zekv%2FxsMfu3HbQHJlk7Ip3g6aryw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a9ddeb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/vuegtm.3359a.js | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/js/vuegtm.3359a.js IP 104.26.6.145:0
GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:22 GMT
vary: Accept-Encoding
etag: W/"63316b52-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVHaDv3yC0atxQoXSGJZp1RHu7baKZXysRMphU%2B0Pv65Z0GJcxbG8ejHMdriAweSUYf5iH4v7tyn6133LXeZw3vWkoxcHMe4xoKv9i0yRuo5rKL1O6oYaYWVeojE5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b571c07b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/img/logo-home.svg | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/img/logo-home.svg IP 104.26.6.145:0
GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: image/svg+xml
last-modified: Mon, 26 Sep 2022 09:05:20 GMT
vary: Accept-Encoding
etag: W/"63316b50-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vr5NqxvPTDuhFdLpOs8tNBjCvg0xW73ir1Qx2uzFJ9InDzgrYGx7lm1sbZed6Id38qvSPDf7YZatEmDTQyyPEaqaeT5zhJZN5RpDzSi%2BqHvf9Gsbxw21VxNDpgSRng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5a7dd8b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/form/609890b8001f18095ac075fc | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/form/609890b8001f18095ac075fc IP 104.26.6.145:0
Analyzer | Verdict | Alert
fortinet | Phishing |
GET /form/609890b8001f18095ac075fc HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:42 GMT
content-type: text/html
last-modified: Mon, 26 Sep 2022 09:05:53 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5LeHLQOkfS8j1OcY6VaSXTDWhI1f4h0wsGjImLfGfPDVJxtYrtrfssOVb9Si4moOU6ArvRmONn5a5pPyEOIIuwDEQH3d%2FuqUsWra4baY1OkBlEgw5y6zPScNJ%2BpiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b541ad6b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormView.2d11d.js | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 my.forms.app/static/js/FormView.2d11d.js IP 104.26.6.145:0
GET /static/js/FormView.2d11d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/609890b8001f18095ac075fc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:43 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 09:05:42 GMT
vary: Accept-Encoding
etag: W/"63316b66-a5f2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 927
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8KFPeIbuDzlzUm2zrHlaz2JAFgaWxEM9mST3%2FQf9BZD8OPJ3kYbaEzr5voTgagulysIf%2FXLVYdC6lX%2B%2Bc%2B5jbiOjTT3VY1NDjix0GUxcMshgeM6%2F3koI2wH38t6qkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b574c1ab505-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/hubspot-crm.png | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2 file.forms.app/sitefile/hubspot-crm.png IP 104.26.6.145:0
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.1107141774.1664242961; _ga_740JKHV4FZ=GS1.1.1664242961.1.0.1664242961.0.0.0; _ga=GA1.1.2145851870.1664242961
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 01:42:44 GMT
content-type: image/png
content-disposition: attachment; filename= hubspot-crm.png
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:13:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3qO4KSDEqybeRu2z2U6i9SzOUZUlyX6gAMeSvb085nnMA%2FOsqVQTiNjG49gp78MG32mI8R2Cke1eln%2BI7704vX5o%2BVAyemnABWKDleM2oUbbZCL3dOvMmvJt47h31NZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 75108b5c1e87b505-OSL
X-Firefox-Spdy: h2
|
|