firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 30 Sep 2022 01:16:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 55KR1MgW8kpwe92lAYG38eHHkzjgwuT6PbZw6Ajg01MSida-45gS9w==
Age: 2814
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9820
Expires: Fri, 30 Sep 2022 04:46:38 GMT
Date: Fri, 30 Sep 2022 02:02:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Cm_getq-ZJph9JMzk-LW2RxsMqZRG5sG-w8T_Ey02J19Ixn9ejK-xA==
age: 74071
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Sep 2022 02:02:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 21c0f11a7ee9b80c53317be90449ec84
921a4749960cfe17aed733a8662589736b21bfd9
1efdf82447835825554bf6d9a65019450a989f5b6c49477f8efedea097fbf221
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 30 Sep 2022 02:02:58 GMT
Server: ECS (dcb/7EA7)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gTD0pFwgdksXCqRDHeYf5JcMLql0OYsv4VO8d6ugdckQ3wyxF5T2og==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 30 Sep 2022 01:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 30 Sep 2022 01:37:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YRhYfzijjyruhE8z8l6YgtSzSdfsVEvX3-VdCrSaGx2d8NSOLm0UFA==
Age: 2005
gregdonnie34.getform.com/0mxj3
52.3.39.67 302 Found 0 B URL HTTP/2 gregdonnie34.getform.com/0mxj3
IP 52.3.39.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /0mxj3 HTTP/1.1
Host: gregdonnie34.getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 30 Sep 2022 02:02:58 GMT
content-length: 0
location: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
server: fasthttp
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f09cb223e3dc028c58cf32c2274c3766
ca7f1663a1200941986e786353ed2f3ff50bd0b2
9b89a5534b1a84f0a86f150dc7f1f699bb972f7b8e151b29c02454dd939066ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2119
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:02:58 GMT
Last-Modified: Fri, 30 Sep 2022 01:27:39 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash a845d2cfcca94db129e1ab6ff08401ec
06fcd092280dfa1d1af87c0f6182001b59da1342
5a074f13bb2a1f0d27f1b304932c287ad6735b7fcba429049f79a20193df584c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 30 Sep 2022 02:02:58 GMT
Server: ECS (dcb/7F80)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Pvuysp0o5m6CeRYBXC2jL-aSIN5Nn7VSr1s-U4xSXyk5chnvRk2Gwg==
push.services.mozilla.com/
35.160.97.225 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.97.225:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6nf98czOyYBPnewPgwAyqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5po1js3YUEE+iMgmd9iN9PHx4z8=
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6ac97060c75238244bfa94c6c6f63e40
9a640270fe62b82a8d971472f28a150e23f3a0c2
f7c0b8dc16c4a08e73772eadf8303a509768acf9d70f132c1c1db899534d4bab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
getform.com/static/montserrat-latin-500-normal-ade7985dfab42940651537039e999ad9.woff2
18.208.47.31 200 OK 20 kB URL HTTP/2 getform.com/static/montserrat-latin-500-normal-ade7985dfab42940651537039e999ad9.woff2
IP 18.208.47.31:0
File type Web Open Font Format (Version 2), TrueType, length 19868, version 1.0\012- data
Hash a97e6797414fd94c6649c3d25adc0ffb
ccd70ecbdc02b93eaae5de97d7a8a42dfbbea9f2
13eb615165c92892fcd46e01782dd0fc52d36f236f883aad488c2cf4dcf9206e
Analyzer Verdict Alert fortinet Malware
GET /static/montserrat-latin-500-normal-ade7985dfab42940651537039e999ad9.woff2 HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: font/woff2
content-length: 19868
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: "6335adbb-4d9c"
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-K2M8QFQ
142.250.74.72 200 OK 65 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-K2M8QFQ
IP 142.250.74.72:0
File type ASCII text, with very long lines (6051)
Hash defb89614dbac95b46fe11a0501746ec
80e731b57d96ad04f87fb2d7c5126a2f024c5e67
0ce349f8c29fdeb9b18aedacedb199c366e6eaab545b57b61776394e33f4a2a8
GET /gtm.js?id=GTM-K2M8QFQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 30 Sep 2022 02:02:59 GMT
expires: Fri, 30 Sep 2022 02:02:59 GMT
cache-control: private, max-age=900
last-modified: Fri, 30 Sep 2022 00:17:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 65049
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6ac97060c75238244bfa94c6c6f63e40
9a640270fe62b82a8d971472f28a150e23f3a0c2
f7c0b8dc16c4a08e73772eadf8303a509768acf9d70f132c1c1db899534d4bab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
getform.com/static/montserrat-latin-700-normal-686bda13a6c973520c205d18ad0c404d.woff2
18.208.47.31 200 OK 20 kB URL HTTP/2 getform.com/static/montserrat-latin-700-normal-686bda13a6c973520c205d18ad0c404d.woff2
IP 18.208.47.31:0
File type Web Open Font Format (Version 2), TrueType, length 20040, version 1.0\012- data
Hash 7bad4a6005ffca3966b2a099250e0638
5d29f82436d412c5e5665a876a4e30f249fdd887
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
Analyzer Verdict Alert fortinet Malware
GET /static/montserrat-latin-700-normal-686bda13a6c973520c205d18ad0c404d.woff2 HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: font/woff2
content-length: 20040
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: "6335adbb-4e48"
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
X-Firefox-Spdy: h2
getform.com/static/391235ebaa1b3e8edfa498053e4e3f13/17f35/not-published.avif
18.208.47.31 200 OK 40 kB URL HTTP/2 getform.com/static/391235ebaa1b3e8edfa498053e4e3f13/17f35/not-published.avif
IP 18.208.47.31:0
File type ISO Media, AVIF Image\012- data
Hash b7c7ac08701c45cc793521ef7c514b3e
65adcd20c89198bf7d9c35bacb6fe0e7ad8b02db
69563463447c419f479cec0293dc5564da10d3e0d444f43a95147e2e87b69924
Analyzer Verdict Alert fortinet Malware
GET /static/391235ebaa1b3e8edfa498053e4e3f13/17f35/not-published.avif HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: text/plain
content-length: 39796
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: "6335b35b-9b74"
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
X-Firefox-Spdy: h2
getform.com/icons/icon-512x512.png?v=9d65686a889507b566020b7e8463591e
18.208.47.31 200 OK 27 kB URL HTTP/2 getform.com/icons/icon-512x512.png?v=9d65686a889507b566020b7e8463591e
IP 18.208.47.31:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 3e40461cdd5176c6fdd3a1f19e118504
36f96b2493bc96974d9b508b37c09be521917fd1
60ac84922c76b6a94f1156d8160ec0ede7e67a73b2c173023a589461c01a3a06
Analyzer Verdict Alert fortinet Malware
GET /icons/icon-512x512.png?v=9d65686a889507b566020b7e8463591e HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: image/png
content-length: 27430
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:18 GMT
etag: "6335ad9e-6b26"
accept-ranges: bytes
X-Firefox-Spdy: h2
getform.com/d10a3101ffed55c3888b559e61e0c0f5d01015f2-951e93ca3c4e6717f908.js
18.208.47.31 200 OK 3.3 kB URL HTTP/2 getform.com/d10a3101ffed55c3888b559e61e0c0f5d01015f2-951e93ca3c4e6717f908.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (6487)
Hash f7e87189804329f86b7a0e44dc8ad5f3
934fc10070e231e1dfac6d898cd5c74a8c877f84
39d14e08287e1b8d8ceff3e8ce69b64b60c8b259227878d0fa28065511bca7c4
Analyzer Verdict Alert fortinet Malware
GET /d10a3101ffed55c3888b559e61e0c0f5d01015f2-951e93ca3c4e6717f908.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-19b1"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/e0fd2144331109acfb6f0060689cc780c877e0a2-71ddc8e5b472405b67cd.js
18.208.47.31 200 OK 9.8 kB URL HTTP/2 getform.com/e0fd2144331109acfb6f0060689cc780c877e0a2-71ddc8e5b472405b67cd.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (27849)
Hash 38a30d64801e0c35fb6e436f506fa7b2
a1bcec4d6fa09eb0c28aa709fc183c7b46b6cac7
bcc7350ef744be649dde79047f55d0bd7274bfb443d6a28b1fe62eec63940071
Analyzer Verdict Alert fortinet Malware
GET /e0fd2144331109acfb6f0060689cc780c877e0a2-71ddc8e5b472405b67cd.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-6d23"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/app-data.json
18.208.47.31 200 OK 54 B URL HTTP/2 getform.com/page-data/app-data.json
IP 18.208.47.31:0
File type JSON data\012- , ASCII text
Hash 141bce1d36888b97ad87391525b052d6
2025bcb8cdd4e3c54c6e1e10dfb662b2203aeb82
e0de653ce383eb52eee3eb3368c75c67ee23ba89828aadf0785ca5d44c835140
Analyzer Verdict Alert fortinet Malware
GET /page-data/app-data.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/json
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: W/"6335b35b-32"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
js.intercomcdn.com/shim.latest.js
54.230.111.118 200 OK 6.2 kB URL HTTP/2 js.intercomcdn.com/shim.latest.js
IP 54.230.111.118:0
File type Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Hash 9f31ce0683711091bf70d2c514762dd6
be6857574bff320ca0e90f3aa755b74c4ac16bed
78d9cc25722b997047c64b11708c2aefa8ab15206a54eaee8e7a2cdcdb4655d8
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6169
last-modified: Thu, 29 Sep 2022 16:46:47 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: WgJIvi1tNGdOLVzXexBAXmMCpvo1CxHF
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 02:01:55 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "9f31ce0683711091bf70d2c514762dd6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ld6i_XbCM-MQL_wJYVaV7YcoY8iqn62Tt1ZmrutVQn3BM5iYqd0NQw==
age: 65
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.5bb2cbce.js
54.230.111.118 200 OK 130 kB URL HTTP/2 js.intercomcdn.com/frame.5bb2cbce.js
IP 54.230.111.118:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 130 kB (130209 bytes)
Hash 54d1c30020b450d03317fcd229f698c4
6643130d8f05419a72e0fd60f03d9e8062e8456f
cc87525fd1e932ec31c38d03c3a0f355532b34bc0505fec0d65e63bbecf3ec9e
GET /frame.5bb2cbce.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 130209
last-modified: Thu, 29 Sep 2022 16:45:29 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: Qjixh9VGRLRo2UAafIPnpRVJWsvkjE7D
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 00:46:48 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "54d1c30020b450d03317fcd229f698c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vaMGjcs4iMldrk78sUbhVevGS3JUyu4UQdkjnhGLdHRssROvECB87g==
age: 4572
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Fri, 30 Sep 2022 00:41:09 GMT
expires: Fri, 30 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 4910
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.intercomcdn.com/vendor.ccf5e745.js
54.230.111.118 200 OK 472 B URL HTTP/2 js.intercomcdn.com/vendor.ccf5e745.js
IP 54.230.111.118:0
Hash f4cac07a6b43c2c45dbdd3dcbf8856e4
985130ebc2d64abc30a0673061e6f73e5a4f02a4
8945a690f41c23b6411950f9bbdb51becf8c48e363a715af38984d45085f9904
GET /vendor.ccf5e745.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103324
last-modified: Thu, 29 Sep 2022 16:45:29 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: YzecnC3X6qPJy3JALYy_f2AoN6Cg.Q.q
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 00:46:48 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "eb84ec6e116708c0610b2ed9dc6bf140"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7sSm2AIudRII6-aJo6fZpW7pw4zGsAoUKZllJFrjQDd99UmeNJS44Q==
age: 4572
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-175164957-1&cid=872938852.1664503376&jid=589805688&gjid=752324849&_gid=1292195392.1664503377&_u=YADAAEAAAAAAAC~&z=1144046570
64.233.165.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-175164957-1&cid=872938852.1664503376&jid=589805688&gjid=752324849&_gid=1292195392.1664503377&_u=YADAAEAAAAAAAC~&z=1144046570
IP 64.233.165.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-175164957-1&cid=872938852.1664503376&jid=589805688&gjid=752324849&_gid=1292195392.1664503377&_u=YADAAEAAAAAAAC~&z=1144046570 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://getform.com
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://getform.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 30 Sep 2022 02:02:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9614f0953e42ee2929d2286318d5bf83
50b65951ebd7ca71a864c3dabafecce4cf2bc390
c7da19596f28cfe57d8db43d21297cc201d5a5f74ec894f3919ba0ee59c1242c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-FMGZE8895W&gtm=2oe9s0&_p=217211339&cid=872938852.1664503376&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664503376&sct=1&seg=0&dl=https%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3&dt=This%20Online%20Form%20is%20Not%20Active%20-%20You%20Can%27t%20Preview%20It%20%7C%20Getform&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-FMGZE8895W&gtm=2oe9s0&_p=217211339&cid=872938852.1664503376&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664503376&sct=1&seg=0&dl=https%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3&dt=This%20Online%20Form%20is%20Not%20Active%20-%20You%20Can%27t%20Preview%20It%20%7C%20Getform&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-FMGZE8895W&gtm=2oe9s0&_p=217211339&cid=872938852.1664503376&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664503376&sct=1&seg=0&dl=https%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3&dt=This%20Online%20Form%20is%20Not%20Active%20-%20You%20Can%27t%20Preview%20It%20%7C%20Getform&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://getform.com
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://getform.com
date: Fri, 30 Sep 2022 02:03:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
getform.com/sw.js
18.208.47.31 200 OK 2.4 kB IP 18.208.47.31:0
Hash da76bf6a256994a9dfbde38cd3ff49ce
38204ea76a4e11f0a335cbdac70d4677f4e44b0d
217c45a94f3a9327821528d7430d84939d44c27632e2e1a208b84d6c494bbf71
Analyzer Verdict Alert fortinet Malware
GET /sw.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.1.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-13c2"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6e45ed0e014d302b7e4d21520228f1ef
86e935f08f4217126f75d13a516ac049f23637a8
22366c353b6dbdd94f0efdf1163318b4e12476c8d7360c70e56b58650004a84c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
getform.com/webpack-runtime-9090baabd5a42e6d078d.js
18.208.47.31 200 OK 3.6 kB URL HTTP/2 getform.com/webpack-runtime-9090baabd5a42e6d078d.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (6945)
Hash 27892c4f6e7f763a1bd51b1669ed9da1
aa3d46facf5367ceab7a2347734b65b43943fa39
3df73ae880b12c0ffaf018303a1adafc3eb0be9806cf48534cd365b5cdec31bc
Analyzer Verdict Alert fortinet Malware
GET /webpack-runtime-9090baabd5a42e6d078d.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-1b62"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-175164957-1&cid=872938852.1664503376&jid=589805688&_u=YADAAEAAAAAAAC~&z=526019570
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-175164957-1&cid=872938852.1664503376&jid=589805688&_u=YADAAEAAAAAAAC~&z=526019570
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-175164957-1&cid=872938852.1664503376&jid=589805688&_u=YADAAEAAAAAAAC~&z=526019570 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 30 Sep 2022 02:03:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
getform.com/workbox-v4.3.1/workbox-core.prod.js
18.208.47.31 200 OK 2.4 kB URL HTTP/2 getform.com/workbox-v4.3.1/workbox-core.prod.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (5837)
Hash bad70d9dcdf7b126d20dc1de3d44985a
bcba48eec85ee26d07b263bc48244f522108fba2
0b8469a70d933084d1b508107b30223f2dc4c5c17c479f24626a596a1fc94fbe
Analyzer Verdict Alert fortinet Malware
GET /workbox-v4.3.1/workbox-core.prod.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/sw.js
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.1.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-16fc"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6e45ed0e014d302b7e4d21520228f1ef
86e935f08f4217126f75d13a516ac049f23637a8
22366c353b6dbdd94f0efdf1163318b4e12476c8d7360c70e56b58650004a84c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 68332d861224030707a1e197a1851d3b
8f94bee805e1d462bd22ff076890500aea641650
9dcf9756d49b596989a5025b18b21f105184acda7060f7f8556c5531b74789f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 02:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
getform.com/workbox-v4.3.1/workbox-sw.js
18.208.47.31 200 OK 1.2 kB URL HTTP/2 getform.com/workbox-v4.3.1/workbox-sw.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (1289)
Hash 8c77d293a7a641424f497cdd64816f8a
6e648a9af01f77d91336f1d9e2a9b28562108961
58e9c527b649472513208104d0a56b0dd05eb2bb1a649a3ede8f7b9e110f2a45
Analyzer Verdict Alert fortinet Malware
GET /workbox-v4.3.1/workbox-sw.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/sw.js
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.1.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-531"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12219
Expires: Fri, 30 Sep 2022 05:26:39 GMT
Date: Fri, 30 Sep 2022 02:03:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12219
Expires: Fri, 30 Sep 2022 05:26:39 GMT
Date: Fri, 30 Sep 2022 02:03:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12219
Expires: Fri, 30 Sep 2022 05:26:39 GMT
Date: Fri, 30 Sep 2022 02:03:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98c23448-09e3-4c05-86c5-dafbe6ca8a0e.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98c23448-09e3-4c05-86c5-dafbe6ca8a0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d21d2bdcedbd619a80017054076319f9
86dd3bf133e9eddf8852f39e1ee695ee599ac886
fc5672d5a8e9c6a5ec531f7ba05b65c192af37edf6c3a48105df3685de44ec0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98c23448-09e3-4c05-86c5-dafbe6ca8a0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8059
x-amzn-requestid: f8bb9e4b-9f3c-47ba-8524-de16155e536d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZNepwHAVoAMFvNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633544a4-5d884e29378635b60592b618;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 07:09:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NMiKZSkokVXNTV76vsVJ7VEu6YFfT9MqL7tHtT8CwZq0BwTbXOpm6Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 07:14:42 GMT
age: 67698
etag: "86dd3bf133e9eddf8852f39e1ee695ee599ac886"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11dc66d9-c0dc-4009-bc21-1bc7de4d071d.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11dc66d9-c0dc-4009-bc21-1bc7de4d071d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cab91ea6d86b9d8af67590ec8638c35e
126d8bfe9e913c8ea665089270d0d524ed5a1234
cec04f205ed6397a11cea16a3370d1cbac52cf63f65742bea1a43232ea61a993
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11dc66d9-c0dc-4009-bc21-1bc7de4d071d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: e4f3306b-5d8c-4257-8b1c-042227c802d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbFHE4oAMFc3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f79-691ce35a37178a0a189879c6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qLUYGKeXkYVpH-oleaqCadfIgRE66QXj-uK_YccpQUeJYnsFq7GaUQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:12:16 GMT
age: 13844
etag: "126d8bfe9e913c8ea665089270d0d524ed5a1234"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed1b116a-12f1-445b-8a5f-9353e3780e4f.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed1b116a-12f1-445b-8a5f-9353e3780e4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b5c947ae0b46d0d8891da8b91b299d6
6edbfb2ea042482253f7d3d75cb1bd0b6c6a5f1f
ec7f8e44224ac291a1d66d8d99dfb44122bc85762fb9351738ce6d1c6ab72d47
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed1b116a-12f1-445b-8a5f-9353e3780e4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6596
x-amzn-requestid: 0e130e37-9710-4fe9-a406-a26f4ed8650c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASNPHSYIAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffd87-39a73c5476ddd0b2112f5f07;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:04:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jhL_FzO_MIL5trbUJzod1scymtl7JZSRvwSW4RMD7l__4x4rejeIzg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 13:09:45 GMT
age: 46395
etag: "6edbfb2ea042482253f7d3d75cb1bd0b6c6a5f1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyDhatfeYzzSQpRY7JpOIu3VhjlI8IOWcKCLCBWYaxJ1CYgCxqdQjA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:49:47 GMT
age: 15193
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
getform.com/page-data/not-published/page-data.json?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
18.208.47.31 200 OK 11 kB URL HTTP/2 getform.com/page-data/not-published/page-data.json?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
IP 18.208.47.31:0
File type JSON data\012- , ASCII text, with very long lines (1112)
Hash b572c11b806a4b080d9104a59c44e520
136ecadcd4c9b5d9e4c94cd8911d0a2fe8225195
68687dc740425dbef88b49d7aa76a38ece0ddf4e10259d8fd0f6f8406638666f
GET /page-data/not-published/page-data.json?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3 HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.1.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/json
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: W/"6335b35b-4f3"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7bce41c-9706-4324-8a06-1509b48a771d.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7bce41c-9706-4324-8a06-1509b48a771d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92adf4a1167591fe092a2ee8871df6cf
2a6ac7433a03249398daa4b2cba3359e8d35f8f8
d01207d858c49c41779c64221cae37855c70ffe3dd9c0fab299bf20e23cd2cce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7bce41c-9706-4324-8a06-1509b48a771d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6616
x-amzn-requestid: 40a8fe67-c47d-4337-a262-5ae47883b224
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPePpHJVIAMF8Bw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633610ca-51c57d2247517e3a71a2917c;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:40:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -WZNiveado-qJAyUINR0MrFtuEiMUl9SEJ0G8EbPW1A-4x_teOwXsg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:48:40 GMT
age: 15260
etag: "2a6ac7433a03249398daa4b2cba3359e8d35f8f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 3e00679c825dd2dc2387a33af61e2dbb
3eaa94ee51bf03c4194b3ec6b0ebf4f1b335205c
113faaf7141f2f4710867afe54ff44a12579dd590a4f99b4d6d8187d32cc42d7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 30 Sep 2022 02:03:00 GMT
Last-Modified: Fri, 30 Sep 2022 00:33:30 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mXJ7Xn06i9fbmGsvfGEGU1CYJUZ2UN1G3gR_IT0x80NoQUACOQe5oA==
Age: 5370
getform.com/manifest.webmanifest?__WB_REVISION__=3a067ded2e6f6f0844a570e5eb949a4f
18.208.47.31 200 OK 1.2 kB URL HTTP/2 getform.com/manifest.webmanifest?__WB_REVISION__=3a067ded2e6f6f0844a570e5eb949a4f
IP 18.208.47.31:0
File type JSON data\012- , ASCII text, with very long lines (1220), with no line terminators
Hash 3a067ded2e6f6f0844a570e5eb949a4f
59b433537bf93c03ff731fca844001f4907628bd
f172373ddbca843eb80a094a4b8452b9c9b7e5e1505b9bc8ec7caa8093d05011
GET /manifest.webmanifest?__WB_REVISION__=3a067ded2e6f6f0844a570e5eb949a4f HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/sw.js
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: text/plain
content-length: 1220
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:18 GMT
etag: "6335ad9e-4c4"
accept-ranges: bytes
X-Firefox-Spdy: h2
widget.intercom.io/widget/t2xmrrw5
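54.230.111.53 302 Found 0 B URL HTTP/2 widget.intercom.io/widget/t2xmrrw5
IP 54.230.111.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B redirect body; they identify no file and should not be used as indicators.)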
GET /widget/t2xmrrw5 HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://getform.com/
Connection: keep-alive
TE: trailers
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Fri, 09 Sep 2022 05:29:20 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _tjOEc1z3istt9qLAMa9CDxh2c7EazoWKmgM8_8VucXRWExvIjlQbA==
age: 1802021
X-Firefox-Spdy: h2
getform.com/workbox-v4.3.1/workbox-routing.prod.js
18.208.47.31 200 OK 2.0 kB URL HTTP/2 getform.com/workbox-v4.3.1/workbox-routing.prod.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (3346)
Hash 32a132fb3939b56cead46c6e27d280f2
12a699069e7bef233232c8f6dee1d192595cfe1b
ab023e91906f5a1bf9d213f46259f9b3cb5ba856f963c67b929b6e76682d7402
Analyzer Verdict Alert fortinet Malware
GET /workbox-v4.3.1/workbox-routing.prod.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/sw.js
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-d44"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/polyfill-3a9b020eda13b3a01dd4.js
18.208.47.31 200 OK 27 kB URL HTTP/2 getform.com/polyfill-3a9b020eda13b3a01dd4.js
IP 18.208.47.31:0
File type Unicode text, UTF-8 text, with very long lines (37868), with NEL line terminators
Hash 728ae26636f23dc17d72acf21c3be955
475ceb63bf8b81bb412985efabdfe3580f823aaa
4fddf8e32d4b92241bba05040f3021ca82aba132bba3b24b07b2ada98a6e204f
Analyzer Verdict Alert fortinet Malware
GET /polyfill-3a9b020eda13b3a01dd4.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/sw.js
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-14f48"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/offline-plugin-app-shell-fallback/index.html?__WB_REVISION__=71f22045bdf256c9cb1f3dadd5b95c08
18.208.47.31 200 OK 2.6 kB URL HTTP/2 getform.com/offline-plugin-app-shell-fallback/index.html?__WB_REVISION__=71f22045bdf256c9cb1f3dadd5b95c08
IP 18.208.47.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6218)
Hash 90741668996ef1ec2ddf314d901925fc
fa544364570f7d9769fe209cbf5b583d074d98c9
d93df45ab63ae60661523e8a63cf72995f245507c2ea8989a31aee2c4798e2a9
GET /offline-plugin-app-shell-fallback/index.html?__WB_REVISION__=71f22045bdf256c9cb1f3dadd5b95c08 HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/sw.js
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: text/html
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:49 GMT
etag: W/"6335b35d-20fd"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/sq/d/3406201238.json
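18.208.47.31 304 Not Modified 0 B URL HTTP/2 getform.com/page-data/sq/d/3406201238.json
IP 18.208.47.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input: a 304 carries no body, so these digests say nothing about the cached JSON. The verdict below therefore cannot come from this response's content and presumably reflects URL or host reputation.)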
Analyzer Verdict Alert fortinet Malware
GET /page-data/sq/d/3406201238.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 29 Sep 2022 14:38:19 GMT
If-None-Match: W/"6335addb-8d"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 30 Sep 2022 02:03:00 GMT
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:38:19 GMT
etag: "6335addb-8d"
cache-control: public, max-age=0, must-revalidate
X-Firefox-Spdy: h2
getform.com/page-data/app-data.json
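18.208.47.31 304 Not Modified 0 B URL HTTP/2 getform.com/page-data/app-data.json
IP 18.208.47.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input: a 304 carries no body, so these digests are not indicators for the resource itself. The verdict below presumably reflects URL or host reputation rather than content analysis.)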
Analyzer Verdict Alert fortinet Malware
GET /page-data/app-data.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 29 Sep 2022 15:01:47 GMT
If-None-Match: W/"6335b35b-32"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 30 Sep 2022 02:03:00 GMT
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: "6335b35b-32"
cache-control: public, max-age=0, must-revalidate
X-Firefox-Spdy: h2
nexus-websocket-a.intercom.io/pubsub/5-2snOZgFge0VJOO5aSo4Ubh8ruweTr9rkeRIfPNRm4ETsOtGvpF6_PszmSgwkwH6ikdrlf2LkNG53K8eK6BVKXS76wHkcklGZL9W3?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
35.174.127.31 101 Switching Protocols 0 B URL HTTP/1.1 nexus-websocket-a.intercom.io/pubsub/5-2snOZgFge0VJOO5aSo4Ubh8ruweTr9rkeRIfPNRm4ETsOtGvpF6_PszmSgwkwH6ikdrlf2LkNG53K8eK6BVKXS76wHkcklGZL9W3?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP 35.174.127.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input: the upgrade response has no body, and any WebSocket frames exchanged after the handshake are not covered by these digests.)
GET /pubsub/5-2snOZgFge0VJOO5aSo4Ubh8ruweTr9rkeRIfPNRm4ETsOtGvpF6_PszmSgwkwH6ikdrlf2LkNG53K8eK6BVKXS76wHkcklGZL9W3?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://getform.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6MdYKDSmIzTpsMeC4IgJKw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Fri, 30 Sep 2022 02:03:01 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vG68ZKB/HEUzwbOK7Dw+TcCBcrA=
getform.com/component---cache-caches-gatsby-plugin-offline-app-shell-js-5958cd9f8202c4181c80.js
18.208.47.31 200 OK 435 B URL HTTP/2 getform.com/component---cache-caches-gatsby-plugin-offline-app-shell-js-5958cd9f8202c4181c80.js
IP 18.208.47.31:0
File type ASCII text, with very long lines (400)
Hash 4c75b8e21f71f42c3e60666bb9c395a9
89c7769b5332466d16e16b29ea873993840f6ac7
48f2547818b5742517aa4b7b0d4607725769ee49a09100a62d7577697031afa8
Analyzer Verdict Alert fortinet Malware
GET /component---cache-caches-gatsby-plugin-offline-app-shell-js-5958cd9f8202c4181c80.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/sw.js
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-1fd"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/index/page-data.json
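18.208.47.31 304 Not Modified 0 B URL HTTP/2 getform.com/page-data/index/page-data.json
IP 18.208.47.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input: a 304 carries no body, so these digests are not indicators for the resource itself. The verdict below presumably reflects URL or host reputation rather than content analysis.)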
Analyzer Verdict Alert fortinet Malware
GET /page-data/index/page-data.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1; intercom-id-t2xmrrw5=d9852b30-91ff-4094-b5d1-983cf4f4ae92; intercom-session-t2xmrrw5=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 29 Sep 2022 15:01:47 GMT
If-None-Match: W/"6335b35b-1a916"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 30 Sep 2022 02:03:02 GMT
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: "6335b35b-1a916"
cache-control: public, max-age=0, must-revalidate
X-Firefox-Spdy: h2
js.intercomcdn.com/vendors~app~tooltips.8d05a764.js
54.230.111.118 200 OK 104 kB URL HTTP/2 js.intercomcdn.com/vendors~app~tooltips.8d05a764.js
IP 54.230.111.118:0
File type Unicode text, UTF-8 text, with very long lines (63391)
Size 104 kB (103458 bytes)
Hash 393c0765e347eee67557bfe457b7654c
92b845b1988b125ee6147963c68e631b409da743
1c3021a633fff4c23f20de8383960fa87f6b616c82a7f7e70bfee05cb1730fed
GET /vendors~app~tooltips.8d05a764.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103458
last-modified: Tue, 27 Sep 2022 16:05:48 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: zvmTHJPGOvcZHvO9QxE4..h9Kxl9BOXw
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 00:05:14 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "393c0765e347eee67557bfe457b7654c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZIxB0Tz_AoKKz7c3ApzncWYhTLh05YT2BuU6jr18acMHDPpluZwDZg==
age: 7076
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
js.intercomcdn.com/vendors~app.70f8c9a1.js
54.230.111.118 200 OK 13 kB URL HTTP/2 js.intercomcdn.com/vendors~app.70f8c9a1.js
IP 54.230.111.118:0
File type ASCII text, with very long lines (45914), with no line terminators
Hash a98fdc479d2ac40b2308d7554005ccf3
d025470c669f170569d599254a836edaca1b5d96
81bc12326399323325a6edab86a9b77de6d88b3c2afef091bfd4319cb6cf932e
GET /vendors~app.70f8c9a1.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 12982
last-modified: Wed, 28 Sep 2022 12:55:12 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: SHbLiVorU3xtVHvrVuk8wHNlfzE53MHI
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 01:00:00 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "a98fdc479d2ac40b2308d7554005ccf3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l-q1PBZ3ieSq297bg0-PGS3J1z4wjax8kQzi3azSLpzv6c38M8dQIw==
age: 3966
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
js.intercomcdn.com/app~tooltips.1e31c7e7.js
54.230.111.118 200 OK 53 kB URL HTTP/2 js.intercomcdn.com/app~tooltips.1e31c7e7.js
IP 54.230.111.118:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d210322ae8f1f32b88bd1ebd23e24557
c6ef825e2c3fe91c9ff6565c5c4d8cd8558f1937
261a3ca57b16a6eec8be81c7a5dc0f76dfb839308a9712f1a6d8ff651a578040
GET /app~tooltips.1e31c7e7.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 53018
last-modified: Thu, 29 Sep 2022 16:45:29 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: 96gqzhnc3DMYM_fFdnWj4G3OsB3OShGS
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 00:48:01 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "d210322ae8f1f32b88bd1ebd23e24557"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8MG0F0OmnyIGK-jWHnGth2q8QRglg6nV7tTMaFTQ7ExONi0kAF4ieg==
age: 4569
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b8d0a19bc0a56bb40a975c5c71af05a
3248ca3a8b88efd5be8499898fce957d096cf211
da44d6dd845dc400b0b76f19c67e5a79d9359ce24fe5e4490477f195b23203b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: 6aca2e04-02b4-4e42-8bba-9bbe2ace1ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPeLrGq1oAMFuAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633610b0-65b0664d0233107029ef0157;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DClqs8vTlqibRwXU8dIkkFCUxigTLduturaxCfuvsMtDm-4VXjx2mg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:12:16 GMT
age: 13851
etag: "3248ca3a8b88efd5be8499898fce957d096cf211"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
getform.com/app-0cc7c2b73023a4196d91.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/app-0cc7c2b73023a4196d91.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /app-0cc7c2b73023a4196d91.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-2228e"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/sq/d/1053719541.json
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/page-data/sq/d/1053719541.json
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /page-data/sq/d/1053719541.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/json
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:38:19 GMT
etag: W/"6335addb-6e"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
s2.getsitecontrol.com/widgets/es6/runtime.a05a605.js
89.187.169.39 200 OK 0 B URL HTTP/2 s2.getsitecontrol.com/widgets/es6/runtime.a05a605.js
IP 89.187.169.39:0
ASN #60068 Datacamp Limited
GET /widgets/es6/runtime.a05a605.js HTTP/1.1
Host: s2.getsitecontrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: text/javascript; charset=utf-8
server: BunnyCDN-DE-755
cdn-pullzone: 83560
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=22809600
etag: W/"9f233c05bb6bc962810acd7b67f60666"
last-modified: Fri, 29 Jul 2022 14:10:45 GMT
x-amz-id-2: n4jxUw4frq8Y627wNUWt4LbRRUg7GWLE5sb26fFDnL/mTHACwzoEHlLYU9q1KseiyE8nBuIHoXk=
x-amz-request-id: NWJ3T7Z2GWW80G8H
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/29/2022 14:25:38
cdn-edgestorageid: 632
cdn-status: 200
cdn-requestid: 6b968c4947bdb37080892be18e254ad0
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
l.getsitecontrol.com/p4330084.js
194.242.11.186 200 OK 0 B URL HTTP/2 l.getsitecontrol.com/p4330084.js
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /p4330084.js HTTP/1.1
Host: l.getsitecontrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: text/javascript; charset=utf-8
server: BunnyCDN-NO-830
cdn-pullzone: 89704
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=86400
content-encoding: br
etag: W/"72b6e890c6b72d93f415e444c5258de5"
last-modified: Thu, 11 Aug 2022 08:51:22 GMT
cdn-cachedat: 09/29/2022 16:25:55
x-amz-id-2: vuKczjaiqWnNSdk0DZ0fz/Q9OgfKBDXBhnUe0pzy/3vToSU5i/nxjeR34bhw+aIdzHVs6lH+JAE=
x-amz-request-id: XMHAFSTTK5DWE3GT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 3c96e3b613daf0a25044c3e1f1d2e086
cdn-cache: HIT
X-Firefox-Spdy: h2
api-iam.intercom.io/messenger/web/ping
52.21.72.251 200 OK 0 B URL HTTP/2 api-iam.intercom.io/messenger/web/ping
IP 52.21.72.251:0
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 472
Origin: https://getform.com
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1664503390
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://getform.com
vary: Accept,Accept-Encoding
x-intercom-version: de768ac4018af50c938fdd3b6ec05a9db82af9fc
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0000sepcpmc6leqo82v0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"50077d529e2dd10521bce5f73502a88e"
x-runtime: 0.545908
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0cfcfd89bf8b8e104
X-Firefox-Spdy: h2
l.getsitecontrol.com/p4330084.json
194.242.11.186 200 OK 0 B URL HTTP/2 l.getsitecontrol.com/p4330084.json
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /p4330084.json HTTP/1.1
Host: l.getsitecontrol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://getform.com
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: BunnyCDN-NO-830
cdn-pullzone: 89704
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
cache-control: public, max-age=5
etag: W/"98c8bf8528c2bdd0920b65453352c117"
last-modified: Thu, 11 Aug 2022 08:51:22 GMT
cdn-cachedat: 09/29/2022 16:25:55
x-amz-id-2: b5jqQUZ/36OpXVjSkL0FFI36G8PtgQxtj97QncstCwxD80ByzLilszTwyybkCcKYxg2zDfaHlh9LgkE2YZN53g==
x-amz-request-id: 673SGVZT7CN3SEWT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 4b3c68bd0c2ab41df88f1494c181cd31
cdn-cache: REVALIDATED
content-encoding: br
X-Firefox-Spdy: h2
getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
IP 18.208.47.31:0
GET /not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3 HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:58 GMT
content-type: text/html
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:49 GMT
etag: W/"6335b35d-61d4"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
getform.com/framework-4e0424d4927ba184b80d.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/framework-4e0424d4927ba184b80d.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /framework-4e0424d4927ba184b80d.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-1fabc"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/component---src-pages-index-js-344d11622a977299361d.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/component---src-pages-index-js-344d11622a977299361d.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /component---src-pages-index-js-344d11622a977299361d.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1; intercom-id-t2xmrrw5=d9852b30-91ff-4094-b5d1-983cf4f4ae92; intercom-session-t2xmrrw5=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:02 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-15392"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/sq/d/3406201238.json
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/page-data/sq/d/3406201238.json
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /page-data/sq/d/3406201238.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/json
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:38:19 GMT
etag: W/"6335addb-8d"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
getform.com/styles.3b6820f963ca13418fad.css
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/styles.3b6820f963ca13418fad.css
IP 18.208.47.31:0
GET /styles.3b6820f963ca13418fad.css HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/sw.js
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-46c"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/index/page-data.json
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/page-data/index/page-data.json
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /page-data/index/page-data.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
X-Moz: prefetch
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1; intercom-id-t2xmrrw5=d9852b30-91ff-4094-b5d1-983cf4f4ae92; intercom-session-t2xmrrw5=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:02 GMT
content-type: application/json
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: W/"6335b35b-1a916"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
getform.com/component---src-pages-not-published-js-6e528617698c60cead54.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/component---src-pages-not-published-js-6e528617698c60cead54.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /component---src-pages-not-published-js-6e528617698c60cead54.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-edb"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/page-data/not-published/page-data.json
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/page-data/not-published/page-data.json
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /page-data/not-published/page-data.json HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/json
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:01:47 GMT
etag: W/"6335b35b-4f3"
cache-control: public, max-age=0, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
getform.com/8243210155f0e004b6122231f5058d921a0b2b09-681050fe0fedf1d2f8da.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/8243210155f0e004b6122231f5058d921a0b2b09-681050fe0fedf1d2f8da.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /8243210155f0e004b6122231f5058d921a0b2b09-681050fe0fedf1d2f8da.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-277d"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/component---src-pages-start-js-a8d436cb7843ee2f4bb7.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/component---src-pages-start-js-a8d436cb7843ee2f4bb7.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /component---src-pages-start-js-a8d436cb7843ee2f4bb7.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getform.com/not-published/?utm_medium=referrer&utm_source=getlink404&utm_content=0mxj3
Connection: keep-alive
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1; intercom-id-t2xmrrw5=d9852b30-91ff-4094-b5d1-983cf4f4ae92; intercom-session-t2xmrrw5=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:02 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 14:37:47 GMT
etag: W/"6335adbb-a0b"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/workbox-v4.3.1/workbox-precaching.prod.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/workbox-v4.3.1/workbox-precaching.prod.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /workbox-v4.3.1/workbox-precaching.prod.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/sw.js
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:02:59 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-1093"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
api-iam.intercom.io/messenger/web/rulesets/11299102/match
52.21.72.251 200 OK 0 B URL HTTP/2 api-iam.intercom.io/messenger/web/rulesets/11299102/match
IP 52.21.72.251:0
POST /messenger/web/rulesets/11299102/match HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 752
Origin: https://getform.com
Connection: keep-alive
Referer: https://getform.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:06 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1664503390
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13331
access-control-allow-origin: https://getform.com
vary: Accept,Accept-Encoding
x-intercom-version: de768ac4018af50c938fdd3b6ec05a9db82af9fc
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0009qua3gs926nu3h00g
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"4e7ce15a0ed2a5b6d4cf32b4999957d9"
x-runtime: 0.442912
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0cfcfd89bf8b8e104
X-Firefox-Spdy: h2
getform.com/workbox-v4.3.1/workbox-strategies.prod.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/workbox-v4.3.1/workbox-strategies.prod.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /workbox-v4.3.1/workbox-strategies.prod.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/sw.js
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-12fb"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2
getform.com/idb-keyval-3.2.0-iife.min.js
18.208.47.31 200 OK 0 B URL HTTP/2 getform.com/idb-keyval-3.2.0-iife.min.js
IP 18.208.47.31:0
Analyzer Verdict Alert fortinet Malware
GET /idb-keyval-3.2.0-iife.min.js HTTP/1.1
Host: getform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getform.com/sw.js
Cookie: _ga_FMGZE8895W=GS1.1.1664503376.1.0.1664503376.0.0.0; _ga=GA1.2.872938852.1664503376; sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2022-09-30%2002%3A02%3A56%7C%7C%7Cep%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3%7C%7C%7Crf%3D%28none%29; sbjs_current=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_first=typ%3Dutm%7C%7C%7Csrc%3Dgetlink404%7C%7C%7Cmdm%3Dreferrer%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D0mxj3%7C%7C%7Ctrm%3D%28none%29; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0; sbjs_session=pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fgetform.com%2Fnot-published%2F%3Futm_medium%3Dreferrer%26utm_source%3Dgetlink404%26utm_content%3D0mxj3; _gid=GA1.2.1292195392.1664503377; _gat_UA-175164957-1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 02:03:00 GMT
content-type: application/javascript
server: nginx/1.18.0
last-modified: Thu, 29 Sep 2022 15:02:13 GMT
etag: W/"6335b375-441"
cache-control: public, max-age=31536000, immutable
content-encoding: br
X-Firefox-Spdy: h2