Report - my.forms.app/form/60deff002ca34f5aa4985ab3

Report Overview

Submitted URL
my.forms.app/form/60deff002ca34f5aa4985ab3
IP
104.26.6.145
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-06 15:20:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	2.2 kB	93.184.220.29
file.forms.app	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.7 kB	21 kB	172.67.72.65
px.ads.linkedin.com	522	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	918 B	2.3 kB	13.107.42.14
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	54.230.245.110
redirect.prod.experiment.routing.cloudfront.aws.a2z.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	96 B	34.215.55.14
widget.intercom.io	2417	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	351 B	375 B	54.230.111.53
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.2 kB	216.58.207.237
api.forms.app	992980	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	2.8 kB	104.26.7.145
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	16 kB	142.250.74.164
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	585 B	707 B	142.251.1.156
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	719 B	559 B	216.239.34.36
certify.alexametrics.com	3704	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	869 B	550 B	54.230.111.66
nexus-websocket-a.intercom.io	2137	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	179 B	34.237.73.95
my.forms.app	720683	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	310 kB	172.67.72.65
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	19 kB	151.101.86.137
bam.eu01.nr-data.net	9782	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.5 kB	185.221.85.4
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.0 kB	10 kB	142.250.74.3
forms.app	267784	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	89 kB	172.67.72.65
snap.licdn.com	1044	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	3.4 kB	23.36.76.210
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	48 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	1.6 kB	143.204.55.36
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	76 kB	142.250.74.72
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	28 kB	31.13.72.12
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.0 kB	142.250.74.66
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	2.2 kB	142.250.74.3
www.linkedin.com	608	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	557 B	2.8 kB	13.107.42.14
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	625 B	499 B	31.13.72.36
js.intercomcdn.com	2440	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	135 kB	54.230.111.33
api-iam.intercom.io	2892	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	972 B	75.2.88.188
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	393 B	172.64.156.26
bat.bing.com	387	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	15 kB	13.107.21.200
certify-js.alexametrics.com	6457	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	352 B	4.8 kB	143.204.55.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-06	medium	my.forms.app/form/60deff002ca34f5aa4985ab3	Phishing
2022-09-06	medium	my.forms.app/form/60deff002ca34f5aa4985ab3	Phishing
2022-09-06	medium	forms.app/phishing	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (55)

	URL	Size	First Seen	Last Seen
	forms.app/phishing	59 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 36224baaac8e5a8ad6e3acee73c3262f 4ab1ae97f54a38da522273a5293d297a24f78550 585e54e20f705f059220642e77577aa0de9b7b0ab505c8000fed29d02460c992 Loading...

	js-agent.newrelic.com/nr-spa-1216.min.js	50 kB	2023-03-07	2024-03-22
Pretty URL js-agent.newrelic.com/nr-spa-1216.min.js IP 151.101.86.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:43 Times Seen568 Hash 63e2df852d15ab21d7ff8fc4363222e8 7ee401ba652db0a4ec960350e17216cda01e22fb 545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe Loading...

	my.forms.app/static/js/vendor.523c4.js	387 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/vendor.523c4.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 59d7c686728e93ec4f5ae61c4dcc17eb 4e60cecd36abd46bedcd79d4df8bb11e2fa0c42d dcce901b5fdac9ba359b758a143b02d0b5860056b3ce0a78cd3d32d68428ebb0 Loading...

	my.forms.app/static/js/country-en.83d29.js	4.1 kB	2023-03-07	2024-04-05
Pretty URL my.forms.app/static/js/country-en.83d29.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-05 20:33:46 Times Seen33 Hash 940a407acc8939a4a5c1aee6c21b5054 2826a10137a69cdb9c0cbf90472785bbd32c9a6a adb51afb83492ea39672c5c0aa8a9f7a2f4f0c150e174adaad345ef42ecfe6b8 Loading...

	forms.app/phishing	1.3 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash e4a57cf3dcfc03499d046adb27f828a3 6072256332013e10d514db05bade986e635cd042 5d7a478ffea3e08753c6c7788d0acd6c0acd34133c132fe3e69502415ae1b469 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662477605682&cv=9&fst=1662477605682&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662477605682&cv=9&fst=1662477605682&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:12:44 Times Seen1 Hash 431af31f692915fc89eda9a5c4e25a21 ccef3c67af0e34b92db485895d91df5c4b1bdf68 040b24e096f6ffb6b359ee8612ca0182d3e64d0253d45694b5b3e2a0a9ade9f8 Loading...

	my.forms.app/form/60deff002ca34f5aa4985ab3	529 B	2023-03-07	2024-02-04
Pretty URL my.forms.app/form/60deff002ca34f5aa4985ab3 IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2024-02-04 09:27:17 Times Seen39 Hash b30e00db2b80d2fe812f8382a458c3fc 662bbe42b084b61225e0989dad839d6530d040e4 19a08fd38afae664a55ac38b648f59ed010be51d933272bc951f94f2934963e5 Loading...

	bat.bing.com/bat.js	39 kB	2023-03-07	2023-08-25
Pretty URL bat.bing.com/bat.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2023-08-25 07:33:07 Times Seen42 Hash 16911c194f6e9313655f07c4eb9d8737 d39ccfa8c6d785af331afafe9e36336031f41b64 30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7 Loading...

	forms.app/phishing	371 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 8ccc21d15ac434591ac9cb2a820884f7 cc3df88ee3bdf6a18e5ef458f58e44abf77ebe6a 437f6268f19cee01c28b07b9f24acd2959c59af2fbfea4cf28969fc81ce00044 Loading...

	my.forms.app/static/js/dcomponents.15d95.js	10 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/dcomponents.15d95.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 569fbdf6935544c3d3a1784eb4592c55 a3b077edfefeda6c8f79ba3391c0a53d1f670da3 f560c445d21dbce15e9795fb6f878e5ca8396c3af72661d0f1b909cfea3b4256 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	7.8 kB	2023-03-07	2024-01-14
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 23.36.76.210 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-01-14 12:48:17 Times Seen22 Hash 93e8a332e6a6de807c6ef9fdac9689ae 68a0ccb463d6abb247149a50e0a90ff32dd98ad0 b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1 Loading...

	accounts.google.com/gsi/client	190 kB	2023-03-07	2023-03-17
Pretty URL accounts.google.com/gsi/client IP 216.58.207.237 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:02 Last Seen2023-03-17 11:29:23 Times Seen1 Hash bb9b170cf3fe1819dc0257811617a304 1026a742b4a57ef7bf7c6013e794bceec68d9142 b8d7c3857a886d9acadb577eaa1f60f21b047dceeb02c961f4eee058878d1b51 Loading...

	my.forms.app/static/js/lang-en.3d2e2.js	64 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/lang-en.3d2e2.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash aeb019626a5a2fe3b922cc89580b37c4 78a5571245b4bb9ad195017e86907e58c8114a47 710971164c22655e8c44128d9080df32ba2ef75815b9d848270ee95289d6f13b Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js	54 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash c5507d5e3cde9976616c7e970306bf11 62663354d3f8b5b90cfa8bca93ffea0372b01c18 38ec5a4db9550e50a0afe1c192e57b3b2c18ab729d8704d5296178271fadd433 Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:19 Last Seen2023-03-17 12:30:23 Times Seen1 Hash 70049e468e315dbffce0c07753fca6f9 6c1cb5e25675de7746ed7dbb4d103aba9faabea0 94cc0d6d41e4b4bcde2f4f3d6292224215a698f20ffe7915c04cb55146537266 Loading...

	forms.app/phishing	311 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash ddaa30d51ee0f71c4968d3d67813b627 e637234a9d563c6d63625c9c15d30a9caaa62678 c83a831e4bea5290e196109a115452431af6120e4c1ba1dce989d489861d19b9 Loading...

	widget.intercom.io/widget/tt7hkkgs	19 kB	2023-03-07	2023-03-07
Pretty URL widget.intercom.io/widget/tt7hkkgs IP 54.230.111.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:20:21 Times Seen1 Hash 13926319bf9e51f8472f7299cf684b8a 39c831a58565a53957d9ae3f4852d139d3c4899a 7388da41faff9498bd8add4dfe0bab2fedb7b2f36c74758cdb946554fa744f31 Loading...

	my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js	2.7 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash b8ed79dad68dce90610b507401c9f468 894d7e9b1e0b2c6ecd5d2258054e2785e52986bf 40a9ce4f3b40d4574f33406995c9ffe7861b4cbf248df1c3c146d47ef679c16b Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js	8.3 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 500a7f736c71ced0a240208a5b5e4fd9 a397fa4ac5d5d0f5497f29c08a80ef3cacac2a60 7df7f626c1d646cc04956936ce44a4bd4834095f44e13c8665e4b44befb52a26 Loading...

	www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c	220 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:12:44 Times Seen1 Hash 05751c7f036c2b1dc2360a9e1d208b85 bdc0a885918e399f9ef7e59dc9cfdc2b2ee5b0e1 355e88d374d6461018eb489294027c9dac4ad18e1fb8227369febeb5e45cef05 Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 13:45:00 Times Seen37019901 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	forms.app/phishing	32 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 272c2fe878c19fadf6978a4d68ef4e48 f8ead41a72e19f11ea1adda884fc3bb0448b9b8a be9123e3b842f356cbce35b0c6e625ad71a907a90c61b08411722924884f5595 Loading...

	www.google-analytics.com/plugins/ua/linkid.js	1.6 kB	2023-03-07	2024-04-15
Pretty URL www.google-analytics.com/plugins/ua/linkid.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-15 19:01:06 Times Seen1974 Hash 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Loading...

	forms.app/phishing	181 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 10:31:08 Times Seen1 Hash a3766b9d610fe82e4c33b6ce8a414143 4409220371df125aab61cd1471b891879005f76a 9553606b9ba72442d77e6e250f65ce49a0300b9076ac88460d76845ba18497f1 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WPSL383	218 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WPSL383 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:12:44 Times Seen1 Hash cf5568d5435635c5f3a83f64a00069e9 5368ff4bc0f24dccaeb85db8a4bd6ae7715f4f68 b0f93d5f701de1de590487d80f7ac8975efc294893bcbee81270e509ce52e86a Loading...

	my.forms.app/static/js/vuelazyload.45220.js	21 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/vuelazyload.45220.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 12:33:24 Times Seen1 Hash c9c484adae51a52b2f5e3e08bab61d99 299f1b0fdd775e209cca550c8d6c1ca5435d8d7f 8b06f09064de32af0c1ef92560c2ad7fb47e7faa2b5e518704c399db31dc6e72 Loading...

	my.forms.app/static/js/FormView.7077f.js	42 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormView.7077f.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash b9707ecb3adfb29f59a63771ca8b7e2a d2fe1607de480e4c46ac1284e9fa7174c3dd4e28 78de47b5ce92a31ad3ed925235c5b5bbf07072c4e3ca16fa2d099cd1916cca00 Loading...

	connect.facebook.net/signals/config/175163836725648?v=2.9.79&r=stable	300 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/signals/config/175163836725648?v=2.9.79&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:12:44 Times Seen1 Hash 607271ad797e3226193226f3a16c34e1 a94d35d746dc7e1603bef63600eee6be29227c64 057d7dfa5d0bede97ce1e6e2bde5a3405032833430a38061689be741183205ca Loading...

	my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js	12 kB	2023-03-07	2024-04-05
Pretty URL my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-05 18:51:38 Times Seen20 Hash 6f22af0424d3234ea6dc2b5a74bdaa82 04f0f797d5e3448c26ea500414659faf16fd1c6d 5fd7d8552884d1c3bd766bd941ad0aacb74b1c1cf019dcec8b27d0fb9ad51519 Loading...

	my.forms.app/static/js/swal.4f135.js	75 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/swal.4f135.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:23 Times Seen1 Hash 1df6bb2224bc056f33b806cdbce97290 a47d85f6f99fd361a5c66d243fd5642f985be410 9d76d7c224be9260fae97ccfcf886a210f5da6ba7a082afd28b8a50de5760ce0 Loading...

	my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js	2.8 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash e85556c6d5667d1025d90d9ad68fddc2 fdbdd5dd08f53604861a99e01aebadab88e5b688 cb18595c1ff13181511c2dedd1a8d8944f70553778ae40d1071a64fa439eec1d Loading...

	my.forms.app/form/60deff002ca34f5aa4985ab3	382 B	2023-03-07	2024-02-04
Pretty URL my.forms.app/form/60deff002ca34f5aa4985ab3 IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-02-04 09:27:17 Times Seen24 Hash e72e4c3e46ae36de3f9b8097d7853cc8 5eda9fa6a697b768dacdebd64dd1bc8f54c0d7c8 65a37e7ef209e27df98273622b84fe04ba8e2b872820b224901b228e1aa6ae20 Loading...

	my.forms.app/static/js/iicon.bcebb.js	12 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/iicon.bcebb.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 3482ad0eaa6af6df202e32f7e123fb6b 0ad4cd66b76f1a5e1fd698cab658e9baf6a13035 42348d790a485a536ad9f291346d7aef4102081c3725f95009987222d2a576f7 Loading...

	forms.app/assets/js/lazysizes.min.12809749.js	7.2 kB	2023-03-07	2023-03-17
Pretty URL forms.app/assets/js/lazysizes.min.12809749.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 128097497a5265b951d07bc4445072a8 da37014b95172ee145c7a5478f9861857d33cc5e 97185e25db9b6885bd39695f105c5dbf9736f51d7201059cdcc90399dfa79868 Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-07	2023-08-11
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:31 Last Seen2023-08-11 03:38:40 Times Seen44 Hash 026f52d67397fda8ff7ddb28ee932f39 44a56e64bfdba3ceff45066d88f3b8f3db2c9ca3 5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783 Loading...

	forms.app/phishing	436 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 665c57f5b41614992796551d522b3688 acdca375f7132388872746598b383ad619612d62 9a09ac97cc0be90e25f6f7b104ac666b076a08b62fba0a30dabf6c78209a9040 Loading...

	my.forms.app/static/js/isvg.cd861.js	32 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/isvg.cd861.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 7147d1eef8329de02e4b1e1d52123a53 c2f709cf0e7283031149e628daefaba4749cd34b 1d3681118a66d11b6c9ccc2385d7a8b274179c9f61fbc4fe30c24be73d64a734 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662477604435&cv=9&fst=1662477604435&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662477604435&cv=9&fst=1662477604435&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:12:44 Times Seen1 Hash 298352a6aef8b1990e7b815dc4df6179 edaf721def4f11a2385834375861b4f2d8b371bd cff1876bd79bc74004878de1002fb1fe3103ab353f471c4056567f35d3839f32 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/794725785/?random=1662477604442&cv=9&fst=1662477604442&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/794725785/?random=1662477604442&cv=9&fst=1662477604442&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 13:12:44 Times Seen1 Hash 55b2d3cd53295eb05f1c9a075878e9f4 be1051be21a044644d7f2b99ff325b3b7d19f92f 1c0f0cab7f2d7eb2eba90e054429b0f941fce9cb1212536fa04c0bef80cfc1d8 Loading...

	forms.app/assets/js/login.fb59ba75.js	6.8 kB	2023-03-07	2023-03-17
Pretty URL forms.app/assets/js/login.fb59ba75.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash fb59ba7597dcd98d717c8c657a4ada34 7ee097229df4c61da22b1b0c6dc3a1924a0d2de7 f604065e360fa22332cac11edf4948e1de95987a7d55f288c2f1e0ff692ec14a Loading...

	forms.app/phishing	4.5 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 054ec8d7a13b71c39845ceea6121f5d3 07e4c8843463aab30ea369d665d8b37bdec32ec3 1ae5cfac6209392a976bb05a374b8fa60f6110d082a0c9f0c506775245e1dd4e Loading...

	bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1854&ck=1&ref=https://forms.app/phishing&be=283&fe=1747&dc=582&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662477604830,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:41,%22rp%22:233,%22rpe%22:237,%22dl%22:237,%22di%22:575,%22ds%22:582,%22de%22:583,%22dc%22:1745,%22l%22:1745,%22le%22:1753%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken	49 B	2023-03-07	2023-05-22
Pretty URL bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1854&ck=1&ref=https://forms.app/phishing&be=283&fe=1747&dc=582&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662477604830,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:41,%22rp%22:233,%22rpe%22:237,%22dl%22:237,%22di%22:575,%22ds%22:582,%22de%22:583,%22dc%22:1745,%22l%22:1745,%22le%22:1753%7D,%22navigation%22:%7B%7D%7D&fcp=392&jsonp=NREUM.setToken IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:29 Last Seen2023-05-22 08:03:01 Times Seen332 Hash f34efd1229ae6c1fec6c67f7fa8e20f9 477f40b6d9cb8a306b0aca97462caef4ab26cb6f a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0 Loading...

	my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js	1.3 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash b614081809dfa41e92edc14e82a5b369 362db7dfb24a0c389751c1ccb87a5a87bdf52a12 d2561e2e4db21b516bdb596adcad376354344c7c0c1f0ba07d7ca7c7949b7eae Loading...

	my.forms.app/static/js/vuegtm.3359a.js	10 kB	2023-03-07	2024-04-05
Pretty URL my.forms.app/static/js/vuegtm.3359a.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-05 17:36:37 Times Seen46 Hash 878db373bf77c263c9222dcde6a8015a e9b695528553768cec0ca6e81670b8ccfc55877f b8aed900cfea3a399c5b1477ac8b584e59b4c5c07d36dff1c3e16ea07bba6d93 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js	276 B	2023-03-07	2023-07-20
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-07-20 21:16:25 Times Seen10 Hash 60e1826dac4552933348dbc6f2195248 88464c417eddf576a5e50cfa81c23d295c10ad3b f7db3ba8fc51915040e02f20c1ebced4f77c326dde94c5918c04fd6fee821753 Loading...

	my.forms.app/static/js/mainheader.53158.js	7.0 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/mainheader.53158.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash f4c7462542bbf8893c02d6e6e624dcf4 ec6461e6aaafd08c7db096067a3cf196cb1b0be9 70b76a8c3918aa963e57ddd33711094d66bfcb196a5c5c0a49c872621ff3ca4a Loading...

	forms.app/phishing	375 B	2023-03-07	2024-01-22
Pretty URL forms.app/phishing IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-01-22 14:10:06 Times Seen10 Hash fb1287fd70883e651f085686002c9ca8 0359f31e27dcda183ae6623ab679aead74f2a867 e55c57249936358e468a9dd77446797fac1ac6b9308933b49a30840b011d1509 Loading...

	my.forms.app/form/60deff002ca34f5aa4985ab3	31 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/form/60deff002ca34f5aa4985ab3 IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:23 Times Seen1 Hash 9c3ac40ba1ac193af7d39a1238f73f1d 2737fc7f5e4b24ebe140b86bfb1b22ec70448dd4 bb9f7c291f9c4a26471fe9a5ff68819cf1abeb047007890fab6662766d81a866 Loading...

	my.forms.app/static/js/runtime~app.1ad07.js	24 kB	2023-03-07	2023-03-07
Pretty URL my.forms.app/static/js/runtime~app.1ad07.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 14:34:07 Times Seen1 Hash 83d2bdb8f01979f1b781aff5b3eaec5b 6268c33b66691afeed8de6a5fa8d57d814e01495 18829cfee3eacba7d65c72d3ebb0f397998b9407b59cb3a07f4428900af0149d Loading...

	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-23
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 172.64.156.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-23 06:45:22 Times Seen1630 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	my.forms.app/static/js/asyncstyles.7792f.js	267 B	2023-03-07	2024-04-05
Pretty URL my.forms.app/static/js/asyncstyles.7792f.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-05 20:33:46 Times Seen37 Hash e9ab4946cf2a453adb928ba6eaf58699 1280272fc2b80ed3d22e058bd2007b46860f900a 624c98a4aae29a8b19af5a99ce8683003dad8f99ae42d2dbe7b8305930ddbc81 Loading...

	my.forms.app/static/js/icons.2b7bf.js	221 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/icons.2b7bf.js IP 172.67.72.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 12:33:24 Times Seen1 Hash fe835cf9d9c006d2d116c6be5bfac47e e126c7fe8b7c6c9772f1c0d8e868cb91c2cf4617 18943f0cb76f1cf5556b6da7f7fd81b6f8ab2c814b718203ea8a82ba08eb2381 Loading...

	certify-js.alexametrics.com/atrk.js	4.3 kB	2023-03-07	2023-11-20
Pretty URL certify-js.alexametrics.com/atrk.js IP 143.204.55.5 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2023-11-20 12:42:18 Times Seen489 Hash d89453438fbf10dcf4c13265c40d5160 02d5f4e46c94bf34e12b2d773f63f643ea2b3518 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f Loading...

		Size	First Seen	Last Seen
	#1 Write - fe364450e1391215f596d043488f989f	15 B	2023-03-07	2024-04-23
Pretty Observations First Seen2023-03-07 01:02:47 Last Seen2024-04-23 13:06:33 Times Seen14253 Hash fe364450e1391215f596d043488f989f d1848aa7b5cfd853609db178070771ad67d351e9 c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e Loading...

HTTP Transactions (127)

URL IP Response Size

my.forms.app/form/60deff002ca34f5aa4985ab3

172.67.72.65

301 Moved Permanently

0 B

URL HTTP/1.1
my.forms.app/form/60deff002ca34f5aa4985ab3
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /form/60deff002ca34f5aa4985ab3 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 06 Sep 2022 15:20:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 16:20:08 GMT
Location: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1c8%2BKxYW4ItJ9QtM%2Bevw1%2BwuV%2F%2FKrwdRpDzaIRIWr%2BycET8Q%2FYqEPmcGCZZjJ2P0OgSQTgqZrUmedCreiaWR1XHy%2FMfUmhVHnQsx9AATO8FfJ3WrvxYQ1WDSFscxIg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74682fdc2ed60b65-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 15:04:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9hSz459xggHTWFK1CrUNnmSyvjxEQ7zzlDDlFjJIJ46k7es6cZJGfg==
Age: 949

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6643
Expires: Tue, 06 Sep 2022 17:10:51 GMT
Date: Tue, 06 Sep 2022 15:20:08 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CJSz1Lhdc7iTiAZVYxUgqQaVD82J3xlPLJxUF91Hesi4nEdCHwA4Mw==
age: 50691
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
62c739a1335c5cf0fd4e783db6cdf14b
4f4a2acf32a7b7d8d86f7d0b037cdd16d59704ff
de1d42a2f47b8a7f1fed1880f1b485f63a5e07ede87fee3194cabeab056cf6f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-WPSL383

142.250.74.72

200 OK

75 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (15501)
Size
75 kB (75382 bytes)
Hash
1eb6fa0d2affbc298f25af9c6f43c2d2
2998189636db38ea2117a0b84797a32652c79c9d
b391d23eab039ed03f3de3e89837075ecc0e2bddc6d7237b0a37714624a01c16

HTTP Headers

GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 06 Sep 2022 15:20:09 GMT
expires: Tue, 06 Sep 2022 15:20:09 GMT
cache-control: private, max-age=900
last-modified: Tue, 06 Sep 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75382
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/static/css/vendor.88295.css

172.67.72.65

200 OK

1.5 kB

URL HTTP/2
my.forms.app/static/css/vendor.88295.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2898), with no line terminators
Size
1.5 kB (1498 bytes)
Hash
2435c66281bb05dbe11b7acd61f6119b
6398808d4d14e3b7d6d0bd44d7a4c9171c0d1693
08065c31b0dd4cc8ff16cc87f7e7cb5afaec153c5e093ffa4026434f75524ffd

HTTP Headers

GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:00 GMT
vary: Accept-Encoding
etag: W/"6315f4b0-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFrcua%2FB60bJ1oQUlJspe%2FtYYm6Fb%2Fp9EKUs%2F%2B57oWzpHNNQ%2BnehPMd1uJwd2W6fGfYqoe80%2Bss5CXBLhJNJs7IIKxLq7SxFZv0EVlrQaDtStMrML0%2B1lFy5WRAAVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01ca51c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/swal.2ebcf.css

172.67.72.65

200 OK

9.6 kB

URL HTTP/2
my.forms.app/static/css/swal.2ebcf.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (24334), with no line terminators
Size
9.6 kB (9553 bytes)
Hash
d62128d319584b053a564566492edda1
85e67c328a032a33219d3dc2f31e4ac054da5b02
b5f0ac657f19b71a8fb71be89a1f020623d775e7f1290fa6a5ddfccf1769abf5

HTTP Headers

GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aAWMqfmYmKKBdNDZReQE7zsLYgsoUNWp%2BPc9TcBIBdMzR0iI5FVXmN6vcaUfYVEjxtML0jP7qdOiMqyQczC%2FAnfeX4%2BvIKc6bzcvRLbddpjYMJ9vudkgf7bzDqs82A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe17eb81c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.forms.app/user/gettimezonefromutc

104.26.7.145

204 No Content

0 B

URL HTTP/2
api.forms.app/user/gettimezonefromutc
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 204 No Content
date: Tue, 06 Sep 2022 15:20:09 GMT
access-control-allow-headers: authorization,content-type
access-control-allow-methods: POST
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rmcDrd42nBMqU%2FrTxlZy6CdL7QUr6taMQ%2Fbt606Rq61V8XHxxWRbK9%2FL0kWRKdzmqbFICja%2BS4GDhWbbFdQeWofqTgfSBjAADb2upq1UPwrUqSltxL8ydq0E6oTNa88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe22ae2b50b-OSL
X-Firefox-Spdy: h2

my.forms.app/static/js/country-en.83d29.js

172.67.72.65

200 OK

81 kB

URL HTTP/2
my.forms.app/static/js/country-en.83d29.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (4128), with no line terminators
Size
81 kB (80687 bytes)
Hash
101f95ec502adcd55a9f46ab7a985e20
864bf284194ce229c7b8781970bec4a82aa04b40
cbb60c6a261d33e911b573db61d834b4e06e01d6bed6a49c545afb497cea8342

HTTP Headers

GET /static/js/country-en.83d29.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:39 GMT
vary: Accept-Encoding
etag: W/"6315f4d7-102a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N1o7B8%2BG%2FRnOWDXFTCqIOiXzBJFqOUD8wPt0OH8YLU%2BzaFVofxF%2FZv2i81RGrhxoXUNmLFd1p7q0Ox%2FsHTe9mqq2EMZdg67UZ7sjQWV1mk1tyazXmrFYh%2FWcJEQ%2Fkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe10e3a1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js

172.67.72.65

200 OK

63 kB

URL HTTP/2
my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2713), with no line terminators
Size
63 kB (63219 bytes)
Hash
cde625d10cc8fe5301e77bb2c0dacc6f
fa3c8bb40479b282baf5d037eddefa88054f1603
eaef49748d3462adefddd85443ebdf9df6cf29a3927afd4c8eea046a9c817e07

HTTP Headers

GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:09 GMT
vary: Accept-Encoding
etag: W/"6315f4b9-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6Fq8a37SbA%2F0UEfDWj%2FOdk2vNpggcxZs0mAxOB5YI2BQ7nx8CdtSqvHRiGqw%2FemkXnzLfuVISnsHr9HLzJgOv%2FQEr8CmB06ZQQPHUffLJMuOKIQas95fDtUszRDiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe1bf051c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/app.d858d.css

172.67.72.65

200 OK

14 kB

URL HTTP/2
my.forms.app/static/css/app.d858d.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (14456 bytes)
Hash
bcccf22bb93802c99e276df532dcace1
095d7ecaf793e2ca561ae36328df299c9749db7e
4565f54dd1e5a4481aa51d3fe82f4a5961aa16b7c53353d976dc65e6ceb69d4c

HTTP Headers

GET /static/css/app.d858d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-107d0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9SG0OCibtR4MEP7g98in9xdNATXJmSaQpJnQL5mg7eJJiAge23FG0MqwpCx8i6TKQk8F%2BiDaj7Xe6AkuWymZN7o3ecgJNFIm3FABlMU1nGH89Ky9fSvg%2BWCnmvZvGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01ca91c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5036
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Last-Modified: Tue, 06 Sep 2022 13:56:13 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

my.forms.app/static/js/asyncstyles.7792f.js

172.67.72.65

200 OK

45 kB

URL HTTP/2
my.forms.app/static/js/asyncstyles.7792f.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
45 kB (45056 bytes)
Hash
856a0ceb12f452938709c5076101f89c
ecf9a33f46644729cb635e58cf6335a4791221e3
c71a159b1de3d02b668ccffc185d03e6917df1d00d595d1f637ec148a3b1834f

HTTP Headers

GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:14 GMT
vary: Accept-Encoding
etag: W/"6315f4be-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0BI8mnAxewKvXFnxl6ip%2FHdu5M3if50Xd7tVavDN8sSpwtG3PKZpeM4MuhKe8nCU31ZQohUGjTqb%2BOrztVifBFG9zPo5tE4zBGY5lSea%2BilF4kRM6w3BalQGQNk0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01cbe1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/icons/favicon-16x16.png?v=1

172.67.72.65

200 OK

336 B

URL HTTP/2
my.forms.app/static/icons/favicon-16x16.png?v=1
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
336 B (336 bytes)
Hash
daf2b94f00301f3f32d988b63290fef3
14242ca4977ec997a5d3d7e779186697e41a5c59
fd0abd01ba09e6eb0128a9f674b62173daca5a341a2a30883f60c9211d50d4b8

HTTP Headers

GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.1.1709777626.1662477604
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: image/webp
content-length: 336
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=916
content-disposition: inline; filename="favicon-16x16.webp"
vary: Accept
etag: "6315f4e0-394"
last-modified: Mon, 05 Sep 2022 13:08:48 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1347
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CamkrrsGeOnu50raYTxGye1QayqxQYlC2CX5j0V9le73kmfdL0UvOqT4zZ%2FeC1vqVqUfUHUSdxjtXsQdjEIMT838ziPKmMninQ3a%2Bse1Dn5O7Nedza%2BDQA51K3ZSfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe5dc381c06-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4354
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Last-Modified: Tue, 06 Sep 2022 14:07:35 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

my.forms.app/static/js/iicon.bcebb.js

172.67.72.65

200 OK

39 kB

URL HTTP/2
my.forms.app/static/js/iicon.bcebb.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12265), with no line terminators
Size
39 kB (38968 bytes)
Hash
ad50cfb97e657aded22794bdd6a8e1f3
0eaec2acf49f6b4a23b4e3d31517e941119046f9
01b3e7f4dee8e2fc0f2f7144cee55512c03205054b9ba660df91de3331e16c76

HTTP Headers

GET /static/js/iicon.bcebb.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:02 GMT
vary: Accept-Encoding
etag: W/"6315f4b2-2fe9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMn86YWgeMntwSdDjnIS%2BPVN%2Bt9iTnJd%2Bcx9Jkq6ZsAYveuU5eWYqp4RRHBS0AU01Nw9SgYnCApslJucGGqiSHNk648Uun5j32gIRvjh7YAL%2BgUEH5HKDK5R1Ivp8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe02cc71c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3df811ac19fde08f49ef246c29cef161
e1c8d54b357adaf32e80427028cc884fa35959e0
e2749178e0bf0c4045a96388a58029ddd92d13a866021737864cd68e11317292

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (26737 bytes)
Hash
8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: vCtqD7QCXA0pf8IIuIJOtNnD2yhNQSUAp7LVac6Xn+7R53fABeQyuylsQY33lhiMsjnSHbCOZ+FSNSyTeT/Lsg==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 15:20:09 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
21d1b5be072df45253749eeb3290be82
4ac9978797c085289b9fcc2fe9a57b619e1c78c9
9ea779e1ad86a4a7c403b574908e2dc60d079b366ab1cf439b34c73c9a9c64c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4355
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Last-Modified: Tue, 06 Sep 2022 14:07:35 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

www.google.com/pagead/conversion_async.js

142.250.74.164

200 OK

16 kB

URL HTTP/2
www.google.com/pagead/conversion_async.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1623)
Size
16 kB (15687 bytes)
Hash
4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 06 Sep 2022 15:20:10 GMT
expires: Tue, 06 Sep 2022 15:20:10 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/static/icons/apple-touch-icon.png?v=1

172.67.72.65

200 OK

5.7 kB

URL HTTP/2
my.forms.app/static/icons/apple-touch-icon.png?v=1
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.7 kB (5681 bytes)
Hash
c43b1e0fe485cb53c3fd9330372b51c3
a0901719a49fee671cffea18381c0eb187a66f88
e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000

HTTP Headers

GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.1.1709777626.1662477604
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:34 GMT
etag: "6315f4d2-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVz3VKXbN%2BI2GYHu%2FWOqIoYdpS3L8bY0cltX%2BJbXAUZXliibzhIjv9JMmS9e79qNFvy15TB5qOPhZmnPCVeSzwERdl11uN6uWwXd8ULv9aSz8NNO46piQqWubhMgEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe5cc321c06-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/js/swal.4f135.js

172.67.72.65

200 OK

20 kB

URL HTTP/2
my.forms.app/static/js/swal.4f135.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
20 kB (20306 bytes)
Hash
301906125094a87265f8efcaff583591
8adde56ab685f55301cb788ee3f7be8e0e4b6481
58f3d807725d8e04cd8029b0b9e6599d9e39c71924a5853cb2f290b9b14af0f0

HTTP Headers

GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EW1CIYjtA4E6qGV5i6eHBEalFNAvlBG3UBBT8F1QYLb%2Fjk82OKboUxVpy91ziMCDgfiZWxui18phYsBWwSR0KZZtPGiCwPzrSNPqOCEmlaG7Aj14J%2B%2FTpUd2lO12cA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe19eda1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
10585eccdd73117e0bc71ecaf1cd02cb
7bda7ff7308cac8c8824a5a558097a15a2325f5e
6303f8b80751e64006c77524615f10709b136b0606695feb0f51b964e0c2163d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
10585eccdd73117e0bc71ecaf1cd02cb
7bda7ff7308cac8c8824a5a558097a15a2325f5e
6303f8b80751e64006c77524615f10709b136b0606695feb0f51b964e0c2163d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662477604435&cv=9&fst=1662477604435&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662477604435&cv=9&fst=1662477604435&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2342), with no line terminators
Size
1.1 kB (1058 bytes)
Hash
6fa8da3037de52c663b656ddd4c96329
2af16b9fd4f41d04e0624fc530e652fc80f05db6
5ec821ede80f53c956ff86c58659f6aa26549f0dc4427283458f2c9b12b56ced

HTTP Headers

GET /pagead/viewthroughconversion/587928374/?random=1662477604435&cv=9&fst=1662477604435&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1058
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 06-Sep-2022 15:35:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=1709777626.1662477604&jid=951355189&gjid=1352509486&_gid=735807589.1662477604&_u=aCDAgEAjAAAAAE~&z=1546186257

142.251.1.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=1709777626.1662477604&jid=951355189&gjid=1352509486&_gid=735807589.1662477604&_u=aCDAgEAjAAAAAE~&z=1546186257
IP
142.251.1.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=1709777626.1662477604&jid=951355189&gjid=1352509486&_gid=735807589.1662477604&_u=aCDAgEAjAAAAAE~&z=1546186257 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://my.forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/794725785/?random=1662477604442&cv=9&fst=1662477604442&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/794725785/?random=1662477604442&cv=9&fst=1662477604442&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2404), with no line terminators
Size
1.1 kB (1078 bytes)
Hash
2f47319dc3f24b696222d3f08cdd315a
b466a0d5237f5c14c29976f0563de8a8c9b7d353
3ad69a0a1c528502beb33c424ea7582752c7d21c4039ae8f18510d639c23a178

HTTP Headers

GET /pagead/viewthroughconversion/794725785/?random=1662477604442&cv=9&fst=1662477604442&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&auid=930668718.1662477604&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1078
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 06-Sep-2022 15:35:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
10585eccdd73117e0bc71ecaf1cd02cb
7bda7ff7308cac8c8824a5a558097a15a2325f5e
6303f8b80751e64006c77524615f10709b136b0606695feb0f51b964e0c2163d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.forms.app/form/60deff002ca34f5aa4985ab3/view

104.26.7.145

204 No Content

0 B

URL HTTP/2
api.forms.app/form/60deff002ca34f5aa4985ab3/view
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /form/60deff002ca34f5aa4985ab3/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 204 No Content
date: Tue, 06 Sep 2022 15:20:10 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U5mrcmZBQAQ02ooa40nwAq0LmED8akRbqlCFDPxDaREK1Cu3FH4Ll2s0izRCPRN6Fm9G%2BrZ%2FlcVXBIoGTQ0K4hQq2GZwnvQQ%2FhqGqOsSmNjh904bJjJK2ou9ghxNkxo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe41e44b50b-OSL
X-Firefox-Spdy: h2

bat.bing.com/bat.js

13.107.21.200

200 OK

11 kB

URL HTTP/2
bat.bing.com/bat.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size
11 kB (11367 bytes)
Hash
293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=26BC8C7EAB9A6A5514079E69AACD6B0A; domain=.bing.com; expires=Sun, 01-Oct-2023 15:20:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7031565F0A93476D833C3DABA5DE5814 Ref B: OSL30EDGE0320 Ref C: 2022-09-06T15:20:09Z
date: Tue, 06 Sep 2022 15:20:10 GMT
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ&gtm=2oe8v0&_p=340005707&cid=1709777626.1662477604&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662477604&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ&gtm=2oe8v0&_p=340005707&cid=1709777626.1662477604&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662477604&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-740JKHV4FZ&gtm=2oe8v0&_p=340005707&cid=1709777626.1662477604&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662477604&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://my.forms.app
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f53ebd30fa3351f320ca2c8764734ff1
9205e35b1cef1602414af2350ba6205f4129234c
d486cc21bbc47eac5718644e1b280d12a5a4bc92ec97a0e88f184bf6422cb6f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e1336388cf579034dbc18680696da587
6d633baf8cf123d56a6da8bba402659ad4cb7c08
7d44c52a9037bd2cf2069acccacc49bf38f4c392fd92a6d4f1bfd4623cdcc49e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f53ebd30fa3351f320ca2c8764734ff1
9205e35b1cef1602414af2350ba6205f4129234c
d486cc21bbc47eac5718644e1b280d12a5a4bc92ec97a0e88f184bf6422cb6f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/587928374/?random=1662477604435&cv=9&fst=1662476400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&async=1&fmt=3&is_vtc=1&random=2681222187&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/587928374/?random=1662477604435&cv=9&fst=1662476400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&async=1&fmt=3&is_vtc=1&random=2681222187&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/587928374/?random=1662477604435&cv=9&fst=1662476400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&async=1&fmt=3&is_vtc=1&random=2681222187&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=1709777626.1662477604&jid=951355189&_u=aCDAgEAjAAAAAE~&z=881187722

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=1709777626.1662477604&jid=951355189&_u=aCDAgEAjAAAAAE~&z=881187722
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=1709777626.1662477604&jid=951355189&_u=aCDAgEAjAAAAAE~&z=881187722 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=0c005dc1-d750-47d3-a0a0-bf3e1be2442f&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&kw=form,%20builder,%20formbuilder,%20free%20form%20builder&p=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&r=&lt=1198&pt=1662477602600,,,,,201,377,377,377,396,380,396,590,593,621,1030,1194,1198,,,&pn=0,0&evt=pageLoad&sv=1&rn=601217

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=0c005dc1-d750-47d3-a0a0-bf3e1be2442f&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&kw=form,%20builder,%20formbuilder,%20free%20form%20builder&p=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&r=&lt=1198&pt=1662477602600,,,,,201,377,377,377,396,380,396,590,593,621,1030,1194,1198,,,&pn=0,0&evt=pageLoad&sv=1&rn=601217
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=0c005dc1-d750-47d3-a0a0-bf3e1be2442f&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&kw=form,%20builder,%20formbuilder,%20free%20form%20builder&p=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&r=&lt=1198&pt=1662477602600,,,,,201,377,377,377,396,380,396,590,593,621,1030,1194,1198,,,&pn=0,0&evt=pageLoad&sv=1&rn=601217 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=08D5581D88E368E636F14A0A89B46909; domain=.bing.com; expires=Sun, 01-Oct-2023 15:20:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 49150EDB74B64FDB8A6E9DC61DD82388 Ref B: OSL30EDGE0320 Ref C: 2022-09-06T15:20:10Z
date: Tue, 06 Sep 2022 15:20:10 GMT
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/794725785/?random=1662477604442&cv=9&fst=1662476400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&async=1&fmt=3&is_vtc=1&random=2976532928&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/794725785/?random=1662477604442&cv=9&fst=1662476400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&async=1&fmt=3&is_vtc=1&random=2976532928&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/794725785/?random=1662477604442&cv=9&fst=1662476400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fmy.forms.app%2Fform%2F60deff002ca34f5aa4985ab3&tiba=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&async=1&fmt=3&is_vtc=1&random=2976532928&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 15:20:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e1336388cf579034dbc18680696da587
6d633baf8cf123d56a6da8bba402659ad4cb7c08
7d44c52a9037bd2cf2069acccacc49bf38f4c392fd92a6d4f1bfd4623cdcc49e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/img/form-disable.png

172.67.72.65

200 OK

9.9 kB

URL HTTP/2
my.forms.app/static/img/form-disable.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data
Size
9.9 kB (9896 bytes)
Hash
284c5d4bb722101d9ce5f925f5c0b9e7
c610bce010897692b228623b36a8da6e78ade7f5
d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650

HTTP Headers

GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-length: 9896
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
etag: "6315f4bc-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBBWj2Ra7kmO2WUSOEX4zyCGwlrV6USoNw6vJbw476hUnTeP5Tqy07RMkLnuJ3T8nr55yh4fT5p8stA%2B7%2F6xOTTwfVR6ZqEvRVIaek9gLl40lpPzoKJdtKrYkYJgiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe9ca7a1c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/formsapp-logo-white.png

172.67.72.65

200 OK

6.0 kB

URL HTTP/2
forms.app/assets/img/formsapp-logo-white.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 372 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
6.0 kB (5999 bytes)
Hash
6ee2889a7dfce7a672edbdf7d6738417
104995abea6706eb66f18e2f044ab42f72f05340
af3b27797947e7ac9d456686cb71e31469c7b4df60ae88ae62f2b55584a3f7da

HTTP Headers

GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-length: 5999
last-modified: Tue, 06 Sep 2022 13:04:02 GMT
etag: "63174542-176f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5EKHLY2TrUutj1imlRUSsq7wDHVdj1unJy0ffAKwVAOuM63kFQ7bw4d4RypDnVTe9wqVOASQaoyLjbFqMK8bUoPTB9D9sVRNNTaP58EqperE28DtRESYzIY0OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb3c781c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/form-builder-blank.png

172.67.72.65

200 OK

149 B

URL HTTP/2
forms.app/assets/img/form-builder-blank.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
149 B (149 bytes)
Hash
eab6bf754eb6a790cc1240262c1c3a29
9ea4eaac5215410d39dadda7a62e8b287975521a
d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12

HTTP Headers

GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-length: 149
last-modified: Tue, 06 Sep 2022 13:03:07 GMT
etag: "6317450b-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lKQ4EdpeY%2FdcjTGHXkjOPSDekSQmmggx7hJsvmP0HZtfrqKKkkd2%2FI6x3PGkujRPokYxpMKMjNB8vVSC%2BrQoRxdZXAjs%2FaT81Ako124M7LPBtubAHgi9Ndi%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5caf1c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/iconfont/iconfont.woff

172.67.72.65

200 OK

18 kB

URL HTTP/2
forms.app/assets/iconfont/iconfont.woff
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 18416, version 1.0\012- data
Size
18 kB (18416 bytes)
Hash
64f7aa12b6b4451be569df62604435a5
45ce2923a9a7c71988b1528c07379233bae693dc
552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42

HTTP Headers

GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:11 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Tue, 06 Sep 2022 13:07:14 GMT
etag: "63174602-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCwQF5p%2BAqB4H3x4Z6Pn5VvtlllhFX81UI3CsmRj%2FFYO9OsMa1D4Mg1wZaBrjDBwPKVP%2BuhinWmKdv0uEpkdy2ZZAsIDix8OcCCqg9C0C2LxKzYULfFdkLENXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb9cec1c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/phishing.png

172.67.72.65

200 OK

16 kB

URL HTTP/2
forms.app/assets/img/phishing.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 647 x 173, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16006 bytes)
Hash
6dc4d5bf6c0edf6c5580179a95f9ba45
e569728801513f3177f2c92eddf0f22578f68760
3f462262606da182df7b8e840e32bcb1c1547596df43a691a5e33c72c7c54c09

HTTP Headers

GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:11 GMT
content-type: image/png
content-length: 16006
last-modified: Tue, 06 Sep 2022 13:07:15 GMT
etag: "63174603-3e86"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Qx4uFtcR2UvxywZ8hikgzuHDBdDlyKJQpxqgok5xWv2jy84D%2BrY0KovBzPNku%2FO%2BfWaiLYBya%2FIY1mkWv5OhBDMaoczMPe30bHgaoq3hXeKhBkfUnDhoyDcFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fed5eaa1c06-OSL
X-Firefox-Spdy: h2

forms.app/static/icons/favicon-16x16.png?v=1

172.67.72.65

200 OK

336 B

URL HTTP/2
forms.app/static/icons/favicon-16x16.png?v=1
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
336 B (336 bytes)
Hash
daf2b94f00301f3f32d988b63290fef3
14242ca4977ec997a5d3d7e779186697e41a5c59
fd0abd01ba09e6eb0128a9f674b62173daca5a341a2a30883f60c9211d50d4b8

HTTP Headers

GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.1.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:11 GMT
content-type: image/webp
content-length: 336
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=916
content-disposition: inline; filename="favicon-16x16.webp"
vary: Accept
etag: "6315f4d2-394"
last-modified: Mon, 05 Sep 2022 13:08:34 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1234
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BC9olOpJ%2BQgjchJD44H2XbrlJ0EpUt8c3%2BMJk2rkzTHzKsPJMWiXdYWgYJRgcg9U5nT3Xpq7hN%2BS6%2BCWfBiWicZzmhe4B5jh8LUc66IbC00TmsnZR7fAfG5DA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fee9fcf1c06-OSL
X-Firefox-Spdy: h2

certify-js.alexametrics.com/atrk.js

143.204.55.5

200 OK

4.3 kB

URL HTTP/1.1
certify-js.alexametrics.com/atrk.js
IP
143.204.55.5:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (4255), with no line terminators
Size
4.3 kB (4255 bytes)
Hash
d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

HTTP Headers

GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z6jSE862Uz547ZLK0OZdF9i5fw9vf5Mf-kIf5cE4ZK7Mi1IYmyo0Pg==
Age: 2114288

snap.licdn.com/li.lms-analytics/insight.min.js

23.36.76.210

200 OK

3.1 kB

URL HTTP/2
snap.licdn.com/li.lms-analytics/insight.min.js
IP
23.36.76.210:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (7751)
Size
3.1 kB (3063 bytes)
Hash
57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6

HTTP Headers

GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=43856
date: Tue, 06 Sep 2022 15:20:11 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51793b7aca12e07c707f923e821c3231
8aecbe01ed606227ff1d7c5684f4ca82e5016bf9
a3a7bcdc8076b46d7c77ae9a4b22a064de07b296c9e18070aaed7ad9c8fdef8b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 15:20:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=0c005dc1-d750-47d3-a0a0-bf3e1be2442f&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=1&msclkid=N&evt=pageHide

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=0c005dc1-d750-47d3-a0a0-bf3e1be2442f&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=1&msclkid=N&evt=pageHide
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=0c005dc1-d750-47d3-a0a0-bf3e1be2442f&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=1&msclkid=N&evt=pageHide HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=230BCD76137F6D4B3755DF6112286CE4; domain=.bing.com; expires=Sun, 01-Oct-2023 15:20:11 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D6CE4FCDCC18418A96307C9C4CA19ACB Ref B: OSL30EDGE0320 Ref C: 2022-09-06T15:20:11Z
date: Tue, 06 Sep 2022 15:20:11 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15947
Expires: Tue, 06 Sep 2022 19:45:58 GMT
Date: Tue, 06 Sep 2022 15:20:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15947
Expires: Tue, 06 Sep 2022 19:45:58 GMT
Date: Tue, 06 Sep 2022 15:20:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15947
Expires: Tue, 06 Sep 2022 19:45:58 GMT
Date: Tue, 06 Sep 2022 15:20:11 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed40d152-6303-4f00-ad80-054a81ea5425.webp

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed40d152-6303-4f00-ad80-054a81ea5425.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6482 bytes)
Hash
0efc32eccbf76ac0d89f324d09a7fd1f
f8589eb3907582137d8b9373af745d80eddbf1bb
ee0f5e56c97e50e1c20801ad0a5379982feef16a11137f784f404d14e9c65824

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed40d152-6303-4f00-ad80-054a81ea5425.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6482
x-amzn-requestid: 5e5b342b-0224-4916-8656-237b4c90ae66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-5FaYIAMFzjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-412f897b451130af70026eab;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8UExY-3ojiqMEfyXXKG6kJcB5CRiNnfgG5JQS3gWnd4t4bbKNzbsYA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:45:43 GMT
age: 63268
etag: "f8589eb3907582137d8b9373af745d80eddbf1bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12573 bytes)
Hash
3fe4a321dcd6a94a637a528d74f9321a
3f3aad2cc71226b39549db1a9baa6837d4f1d897
a19b6749429e8ecaeac8fc0849abc4d891bfc628489762b1619a3ee3064536e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12573
x-amzn-requestid: 92e03b26-883b-41e2-9033-379a6d02210c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYCdGy8oAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d42-1c4ea2f74b796623574bde87;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: u1hKGB5UKEuuIVqcQ_Lx5wfBjy_hB32Jnp7_mDnF2BrsN4a6Mj_WJQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:46:16 GMT
etag: "3f3aad2cc71226b39549db1a9baa6837d4f1d897"
content-type: image/jpeg
age: 63235
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4426 bytes)
Hash
c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bSBSzzRMdrVdoV3Ld8hYWq2AwO7Mswcwa8Tk_AKa44j1SlrFugNqpg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:48:06 GMT
age: 63125
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12683 bytes)
Hash
ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:36:52 GMT
age: 38599
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6656 bytes)
Hash
983e705542fa78b4d5c876e0c1eada7e
5fc951e5236edd282d4975853ca35dab2e55fb17
fa6e478fc213f6cb6c9f33c96c51105262c857bfe313b3d310755be30b1feeb3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 2703eaf4-1a5a-41a6-859b-47255865efb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-3F2ZIAMFpLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-6df026de5a9230ed429d08c1;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FIIvB2jeQ_PBDzi8XRN0jnNxze3OwDbz8TBaIcadRvmQd2EFhCwX7Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:45:42 GMT
age: 63269
etag: "5fc951e5236edd282d4975853ca35dab2e55fb17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

file.forms.app/sitefile/WhatsApp.png

172.67.72.65

200 OK

14 kB

URL HTTP/2
file.forms.app/sitefile/WhatsApp.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13889 bytes)
Hash
bd272b54344b42d08ae2db916d9b6351
c2deb2254bbf786e66e1f9b876d2b5dd6b4590b4
c7de4a8ca2c6970ab18a2da808059a5ff7c35475c3f7572af2d249319668b12b

HTTP Headers

GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:11 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADuRN7MzddJCJxs7PEBXdzu5zy7tCKyVKi0D1xawM4MNFLo0CCYy4YOTJSSG2ltt0TneopBwJfYfh3Dku0NQELaSLGyANjLy%2FJiTfJLhO2GTRED1fFUPw20AL4xZgZDx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5c9a1c06-OSL
X-Firefox-Spdy: h2

forms.app/static/icons/apple-touch-icon.png?v=1

172.67.72.65

200 OK

5.7 kB

URL HTTP/2
forms.app/static/icons/apple-touch-icon.png?v=1
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.7 kB (5681 bytes)
Hash
c43b1e0fe485cb53c3fd9330372b51c3
a0901719a49fee671cffea18381c0eb187a66f88
e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000

HTTP Headers

GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.1.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:11 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:34 GMT
etag: "6315f4d2-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3DZoHPY73YhlQ9XQbfS7tFhLgpV14D%2B9TZ5WYapukzsNYKUiTRmtidB%2B%2BR9Ouy38gBhcyk0XtRyYQI2rLibQA9l9LzmjfMCbgX93Zt37Dqdz8AaY5iJG67ROg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fee9fcb1c06-OSL
X-Firefox-Spdy: h2

certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662477605709&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=11774579099&sess_cookie=bf5002a018313631b4c277a9bf1&sess_cookie_flag=1&user_cookie=bf5002a018313631b4c277a9bf1&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US

54.230.111.66

200 OK

43 B

URL HTTP/1.1
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662477605709&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=11774579099&sess_cookie=bf5002a018313631b4c277a9bf1&sess_cookie_flag=1&user_cookie=bf5002a018313631b4c277a9bf1&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP
54.230.111.66:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

HTTP Headers

GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662477605709&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=11774579099&sess_cookie=bf5002a018313631b4c277a9bf1&sess_cookie_flag=1&user_cookie=bf5002a018313631b4c277a9bf1&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 06 Sep 2022 03:28:58 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6Zsxs-6oFHs3NGuQ71gxcBHVLZfoDRnt97wbHalBPbhvePCUFpiNZg==
Age: 42674

bat.bing.com/p/action/137024713.js

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/137024713.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=322ADCC826BD6A21215FCEDF27EA6B59; domain=.bing.com; expires=Sun, 01-Oct-2023 15:20:11 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BC656B1CF4AC411F8F68DDE44F936B80 Ref B: OSL30EDGE0320 Ref C: 2022-09-06T15:20:11Z
date: Tue, 06 Sep 2022 15:20:11 GMT
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=fc403714-d083-4310-84e6-9be51c9e9b69&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=583&pt=1662477604830,,,,,0,0,0,0,0,0,41,233,237,237,575,582,583,,,&pn=0,0&evt=pageLoad&sv=1&rn=286503

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=fc403714-d083-4310-84e6-9be51c9e9b69&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=583&pt=1662477604830,,,,,0,0,0,0,0,0,41,233,237,237,575,582,583,,,&pn=0,0&evt=pageLoad&sv=1&rn=286503
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=fc403714-d083-4310-84e6-9be51c9e9b69&sid=62525b202df711edbdb66d9c0088fcde&vid=625276202df711ed96fac1c539591a99&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=583&pt=1662477604830,,,,,0,0,0,0,0,0,41,233,237,237,575,582,583,,,&pn=0,0&evt=pageLoad&sv=1&rn=286503 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2DFCE5B0C72D66B22707F7A7C67A67E3; domain=.bing.com; expires=Sun, 01-Oct-2023 15:20:11 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 872C172D99B748B0BA5D0618FF0FF2D2 Ref B: OSL30EDGE0320 Ref C: 2022-09-06T15:20:11Z
date: Tue, 06 Sep 2022 15:20:11 GMT
X-Firefox-Spdy: h2

px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing

13.107.42.14

302 Found

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662477605725%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQK9XBJeR0C8owAAAYMTYzIqWRD3enMrsAxnCaDziM79DFG7LxDc0lFb8w2pdKiOSQZUoPekMBtZmg; Max-Age=2592000; Expires=Thu, 06 Oct 2022 15:20:11 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJ38XyLRN8QUQAAAYMTYzIqsjradURMAqo8i_Pk0APQwcX9O7vea_wlCw8FUdIPByMv5kSXtSGBRVhFBBgCkA; Max-Age=2592000; Expires=Thu, 06 Oct 2022 15:20:11 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&b89c47fe-a829-49dd-8629-42d449259191"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 06-Sep-2023 15:20:11 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2374:u=1:x=1:i=1662477611:t=1662564011:v=2:sig=AQH8Fy8URiPlbu_UyvVpGcZcAHrUSvmo"; Expires=Wed, 07 Sep 2022 15:20:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoA7t7yanCasOwyZ1hZQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 52700FE82BFC46E0B8701E0170DCED5D Ref B: OSL30EDGE0314 Ref C: 2022-09-06T15:20:11Z
date: Tue, 06 Sep 2022 15:20:11 GMT
content-length: 0
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
450a99775a3610a3b4806c7210320cd6
9a31b824335587c7237241f059df17e5eb94726b
c5ae355b95fffa3d813c9cf76166bd80d5dac2b02e5ae24456d8a485029ec71d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 15:20:11 GMT
Last-Modified: Tue, 06 Sep 2022 14:07:19 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 397KI6vhesMz-4WMUQl78PBdtvFkplWdut0Fx0NtfZYUfikKiw1XFQ==
Age: 4372

www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662477605725%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue

13.107.42.14

302 Found

0 B

URL HTTP/2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662477605725%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662477605725%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&75a32020-beac-40c2-8e9f-ed8d373f7400"; Domain=.linkedin.com; Expires=Wed, 06-Sep-2023 15:20:11 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202209061520116cfcfa25-18a6-4145-8a0e-a7ac517ab26eAQF1j7CNUaTHAkXtVZdd5XX2Xo4k9fEV"; Domain=.www.linkedin.com; Expires=Wed, 06-Sep-2023 15:20:11 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI0Nzc2MTE7MjswMjFasC0+0t9/GkDcYV1XLV5tVGYswvqg/Y++0ILVRTXlCQ==; Domain=.linkedin.com; Expires=Sun, 05 Mar 2023 15:20:11 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2338:u=1:x=1:i=1662477611:t=1662564011:v=2:sig=AQG03qOyK6BcN4bzwvbVk64FbYoTEPXQ"; Expires=Wed, 07 Sep 2022 15:20:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoA7t+QUK2/dwWOTgHgg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: E9219C538F96447A91100EB8DE3E3216 Ref B: OSL30EDGE0314 Ref C: 2022-09-06T15:20:11Z
date: Tue, 06 Sep 2022 15:20:11 GMT
content-length: 0
X-Firefox-Spdy: h2

px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=3845852&time=1662477605725&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&41b6cb64-6e91-40c6-89c1-24765068d6bd"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 06-Sep-2023 15:20:11 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2377:u=1:x=1:i=1662477611:t=1662564011:v=2:sig=AQEuKbxUcdqd2jXdxwUt5vYf_UruIdiu"; Expires=Wed, 07 Sep 2022 15:20:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXoA7uBKNO9QN/jJZvOdg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 22634D5D1150458DB0AB57940C74D2AB Ref B: OSL30EDGE0314 Ref C: 2022-09-06T15:20:11Z
date: Tue, 06 Sep 2022 15:20:11 GMT
content-length: 0
X-Firefox-Spdy: h2

redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png

34.215.55.14

204 No Content

0 B

URL HTTP/2
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP
34.215.55.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Tue, 06 Sep 2022 15:20:11 GMT
server: Server
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662477606534&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662477606533.1384857729&it=1662477605722&coo=false&tm=1&rqm=GET

31.13.72.36

200 OK

44 B

URL HTTP/2
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662477606534&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662477606533.1384857729&it=1662477605722&coo=false&tm=1&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
44 B (44 bytes)
Hash
b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

HTTP Headers

GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662477606534&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662477606533.1384857729&it=1662477605722&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
date: Tue, 06 Sep 2022 15:20:12 GMT
expires: Tue, 06 Sep 2022 15:20:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: 
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

widget.intercom.io/widget/tt7hkkgs

54.230.111.53

302 Found

0 B

URL HTTP/2
widget.intercom.io/widget/tt7hkkgs
IP
54.230.111.53:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 31 May 2022 12:39:23 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zmcaJPCwg8OyFILRkgMsszGaev7Tj7CR9vUX0QDZmdRox4zQJnWetg==
age: 8476850
X-Firefox-Spdy: h2

js-agent.newrelic.com/nr-spa-1216.min.js

151.101.86.137

200 OK

18 kB

URL HTTP/2
js-agent.newrelic.com/nr-spa-1216.min.js
IP
151.101.86.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32010)
Size
18 kB (18216 bytes)
Hash
6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a

HTTP Headers

GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Sep 2022 15:20:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 2453
x-timer: S1662477612.250969,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2

js.intercomcdn.com/shim.latest.js

54.230.111.33

200 OK

6.2 kB

URL HTTP/2
js.intercomcdn.com/shim.latest.js
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Size
6.2 kB (6170 bytes)
Hash
11e9c434f9d350acf89a5ba2ac00d108
f2bddbdf12661f706e5f86d54a9c17f10a9477e0
eeee1a21bf9cd64f9c44dccc6ca13ed797e81edda1fa20e5e737b6cc759ba74e

HTTP Headers

GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6170
date: Tue, 06 Sep 2022 15:19:21 GMT
last-modified: Tue, 06 Sep 2022 15:04:15 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=300, s-maxage=300, public
content-encoding: gzip
x-amz-version-id: jtZHFMTcqad8HYlJFcmRjrXRTYYhA.yC
accept-ranges: bytes
server: AmazonS3
etag: "11e9c434f9d350acf89a5ba2ac00d108"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m9ljEShkyAzq-7c7PgIfPwv9Fanq3m5PE3azzO0f6B3Ib-V8pxUsNw==
age: 52
X-Firefox-Spdy: h2

js.intercomcdn.com/frame.ba604c5b.js

54.230.111.33

200 OK

126 kB

URL HTTP/2
js.intercomcdn.com/frame.ba604c5b.js
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
126 kB (126208 bytes)
Hash
e3b129c9366dcd58acca7dfb0dbf547f
2bd927f626de1146d4c43160b9d9c408783bf197
14512bf49f9ea6fd40436289ee9d406844892f93f2b6dddaf8d144c3b0ab43c9

HTTP Headers

GET /frame.ba604c5b.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 126208
date: Tue, 06 Sep 2022 15:04:19 GMT
last-modified: Tue, 06 Sep 2022 15:02:25 GMT
etag: "e3b129c9366dcd58acca7dfb0dbf547f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: zbHVc6Y6vCodZhMosRa5OQ4A8xrRgdft
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Q9iXMEeKScbqDvBFwsY7RLI_10hDcNlizCoPI5E7J4-fl-h39FvmPg==
age: 954
X-Firefox-Spdy: h2

forms.app/assets/img/formsapp-logo.png

172.67.72.65

200 OK

3.5 kB

URL HTTP/2
forms.app/assets/img/formsapp-logo.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3548 bytes)
Hash
a77f4c80bac841f7d3d2aa02372b8861
840d40fc6bdfbddff8e5d917ef5b669d8c4543a2
84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be

HTTP Headers

GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99; __asc=bf5002a018313631b4c277a9bf1; __auc=bf5002a018313631b4c277a9bf1; _fbp=fb.1.1662477606533.1384857729
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:12 GMT
content-type: image/png
content-length: 3548
last-modified: Tue, 06 Sep 2022 13:05:43 GMT
etag: "631745a7-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8r9ihw84Rjd6HO%2F41jEtlqTpaJ9nQJiq1KsR5dQdbIXcryAWS9hxFHyRWAGvyNwLhJq155AptXFUpolPjNHDWJ9l%2B9YOoe5psY6LwK8Tn5vMw1OV3tU8x9Lgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682ff56f921c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/huawei-app.png

172.67.72.65

200 OK

7.4 kB

URL HTTP/2
forms.app/assets/img/huawei-app.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.4 kB (7360 bytes)
Hash
86c2e696aa2528b2cb3589897ba4bfb7
598e89de6512720a92e4e94a538e2eb64d746229
eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6

HTTP Headers

GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99; __asc=bf5002a018313631b4c277a9bf1; __auc=bf5002a018313631b4c277a9bf1; _fbp=fb.1.1662477606533.1384857729
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:12 GMT
content-type: image/png
content-length: 7360
last-modified: Tue, 06 Sep 2022 13:03:07 GMT
etag: "6317450b-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ch8hQuoJjvUCA4iHl4WG4hPA1xaAugufp3bEtZZ54yswwmSI2c1tmH6QVsdvsJ5YEb0Q9phFFAstpvZtNMAdnw0cMd%2F8vnmvumninCTmmRnkOFvUS4NoHLJOlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682ff739e81c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/google-play-logo.png

172.67.72.65

200 OK

7.6 kB

URL HTTP/2
forms.app/assets/img/google-play-logo.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7621 bytes)
Hash
b30b4bd0775acd1e172ed059d1151d4d
70d96852cfae2fdc113342e3bf46cc4ebe706815
cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b

HTTP Headers

GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99; __asc=bf5002a018313631b4c277a9bf1; __auc=bf5002a018313631b4c277a9bf1; _fbp=fb.1.1662477606533.1384857729
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:12 GMT
content-type: image/png
content-length: 7621
last-modified: Tue, 06 Sep 2022 13:05:43 GMT
etag: "631745a7-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8OsFMJtIemKqxBNgym9TpcU9xeOkOTslzIyBHV1%2BMgigjtu9d89nvks0SHmKoYjkMlfUegrPGzDQwgqqv30TR%2F5vJzpElomZEzf6UafZGEiOsmvBFVHkcmXvyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682ff739e51c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/app-store-logo.png

172.67.72.65

200 OK

7.6 kB

URL HTTP/2
forms.app/assets/img/app-store-logo.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7634 bytes)
Hash
02b87ac5a0d67d23008ed83695705c23
1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5
a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736

HTTP Headers

GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99; __asc=bf5002a018313631b4c277a9bf1; __auc=bf5002a018313631b4c277a9bf1; _fbp=fb.1.1662477606533.1384857729
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:12 GMT
content-type: image/png
content-length: 7634
last-modified: Tue, 06 Sep 2022 13:03:07 GMT
etag: "6317450b-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmQMhHMh9lz6EJ2abmqEhYFeBhUpcNzP0cZFcuzCl4s%2FUL%2BVeAYGA87y0fOoVnmk5OuDHGSPyWOFrCLd2RkTln9aY83QY3%2B6vCrg71fjRk53q1VUHsZsF4UjwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682ff80ae81c06-OSL
X-Firefox-Spdy: h2

js.intercomcdn.com/vendor.cc87208a.js

54.230.111.33

200 OK

73 B

URL HTTP/2
js.intercomcdn.com/vendor.cc87208a.js
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
73 B (73 bytes)
Hash
814f8120cdf5a972bdb0fd5521a92a5d
47f7b3cd340d1fe91766ff27602e319a79bcd14c
5f520e553ae6a634e84b7c8c8d36908d2efa441d716834fd98c012c402b1c3c8

HTTP Headers

GET /vendor.cc87208a.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 102804
last-modified: Tue, 06 Sep 2022 08:32:51 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: qoJxDK.yJt_caLpQ.BR9OoK3VNEkVuo0
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 14:34:21 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "779b6e280f17326883ab35323c0cd755"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qg2a21BANBccpv4_Ubn1VbQPlHPCoaQ_wJgw2sHE2-lzJPHQpvlLiw==
age: 2752
X-Firefox-Spdy: h2

bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=3094&ck=1&ref=https://forms.app/phishing&st=1662477604830

185.221.85.4

200 OK

36 B

URL HTTP/1.1
bam.eu01.nr-data.net/resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=3094&ck=1&ref=https://forms.app/phishing&st=1662477604830
IP
185.221.85.4:0
ASN
#206998 New Relic International Limited

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
315d2b51a2989bff71e9374412b5845c
057fa18c74fe278d1b4f6fa7108439e34efb47fa
d6184ce248c0b132b61dbfe0bb7d5cc5139533560e33ef81b822a41759171162

HTTP Headers

POST /resources/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=3094&ck=1&ref=https://forms.app/phishing&st=1662477604830 HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1133
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 15:20:13 GMT
Content-Type: text/plain
Content-Length: 36
Connection: keep-alive
CF-Ray: 74682ffcbd4a990f-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rzib5IGV%2Bz%2B9Ec0l0HZefB%2FMEKHiAcLa1kMNgNfSnI1mT6sTf4yL8aoXeayTEMrBrdvdZu1KvfKGu%2BIOEKGIC67iTNYvdR%2Bfwz0ndUwN7jAVfTVljb0L7MHHU3GgMlRegmQmxs5%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare

nexus-websocket-a.intercom.io/pubsub/5-p0-dC9x41l1VguQt3wXgFtCJIdVji_58W9QKwQtnzB08oJrsbIB2iSRAd1vUqm-Bu3389YONN7LpRDHH0CdEqkUx6DjNpXWhEC3c?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined

34.237.73.95

101 Switching Protocols

0 B

URL HTTP/1.1
nexus-websocket-a.intercom.io/pubsub/5-p0-dC9x41l1VguQt3wXgFtCJIdVji_58W9QKwQtnzB08oJrsbIB2iSRAd1vUqm-Bu3389YONN7LpRDHH0CdEqkUx6DjNpXWhEC3c?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP
34.237.73.95:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pubsub/5-p0-dC9x41l1VguQt3wXgFtCJIdVji_58W9QKwQtnzB08oJrsbIB2iSRAd1vUqm-Bu3389YONN7LpRDHH0CdEqkUx6DjNpXWhEC3c?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8X8EPk4PpNtQQVbn5lObqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 06 Sep 2022 15:20:13 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zR9fePpw5g9i7S5boTgPSmPFVPc=

bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=3110&ck=1&ref=https://forms.app/phishing

185.221.85.4

200 OK

24 B

URL HTTP/1.1
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=3110&ck=1&ref=https://forms.app/phishing
IP
185.221.85.4:0
ASN
#206998 New Relic International Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
24 B (24 bytes)
Hash
bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

HTTP Headers

POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=3110&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 276
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 15:20:14 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74683003a87e9938-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAvvPYtR08gcjjQ0qD6e0n7G5yum8eA4XMIa1C9R3DSYWG7uRZYq%2B4WuZ0YqMfHS8zb8cYXqiKiX9BupkPQmbGWrgwl5GlO9r2WAU4%2FR6whoE%2BGAq6E%2FKyRI%2FqmvW5ZfHB0qB4YE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare

my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-4270"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wu5039wbF4BN3qdPkM47vYn4PR9yOkozm5KupPVr3jyIcZjCY1ezdLNa6uiBEyDJlfUP8qUfdHQzIhhzU3cLULFYOmcKA9XqYnFSMstRI2nlqRiv5buAQk1d70WxFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe1befc1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.forms.app/user/gettimezonefromutc

104.26.7.145

200 OK

0 B

URL HTTP/2
api.forms.app/user/gettimezonefromutc
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjOr1uK2%2BFy9G9kh8lA3tZm%2BZu%2Bflps3YxVbW2RqrF2R6s2fPacJSLSzDfQHmlf7%2BlwNUX0MjUj%2FzL4symqXSFnHPmqfvzc2T66EJsybIHfTMnWy1A42yAlVuT05wwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe36d5bb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/icons.2b7bf.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/icons.2b7bf.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/icons.2b7bf.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:30 GMT
vary: Accept-Encoding
etag: W/"6315f4ce-360f1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MdWG48M6CyN%2FdiogLHqOzYXRhIrNUZpBX5i%2BCvhBcYdalqhHalFciQIC2uJ81yAmmkq8E%2BEY%2B6VXhqrJxdtwJLVsBiMTVmEnkFVyRUhhypdkI3lW27Ciz4%2FBGyiEDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe9da8f1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/help-resources.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/assets/img/help-resources.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Sep 2022 13:03:07 GMT
vary: Accept-Encoding
etag: W/"6317450b-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jnm0CqSSeM%2BlEDg4xp9D%2Bh5aEOiXcPmxfbPa2cvykxffSio4U83skZrfSw3m5st5ZEesnh24HqYck1XESNeQifKwqhOJR0GFIP2AHwcxdjdApwPcnHwPm%2BX9ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5ca41c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/hubspot-crm.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/hubspot-crm.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= hubspot-crm.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sldW2enWQBSuYN57fdg8M65y3GLny5%2FijTBD92cMzQdT1YLVYzvyAexb2Gc27%2B8CHFL7iBZ8g6DLLCq1sUhOF4jUB1d5JSeZtE65hf7XiKGU%2FTPLFavsVNrfo%2FRFi%2F9e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb4c841c06-OSL
X-Firefox-Spdy: h2

file.forms.app/sitefile/excel%20copy.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/excel%20copy.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idgiRCRtOiElQbBH5%2BKr5MBhKzzNsXU9untR2bTfHBzyBophUDv%2FJ%2BQBXf9eFTDEQ3%2BHPbzHfg7kvIvoM%2BiXvEmBY4B9EI%2F8Z83f7DrN0LKrn8cMYeOvPEOwqv6PiqE0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5c9c1c06-OSL
X-Firefox-Spdy: h2

my.forms.app/static/css/dcomponents.2f40b.css

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/dcomponents.2f40b.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/dcomponents.2f40b.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-194c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2F6Ahp5ENUOwslA1lxCIsPq%2BtESXRV0PrzmlaAMoHFvex0ztOpkkp7VQCBU3ryWXJ7mR9iWZD9mEPxbaEYb49Mp6m5Znbb6bxQnuWZ9emw4LHkMbPHuLr5DzUC3dg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01cb01c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/vendor.523c4.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vendor.523c4.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:31 GMT
vary: Accept-Encoding
etag: W/"6315f4cf-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3%2BXR%2FvOQLbYRU8aSLn8yF1ZPxAlDQZET%2BYHcHrHISMdR32lksqQ9Dykwi8RJh2BcRucHDAIC9lGFkhjfG6wXLk%2Fuj7bhQ0OUppdpQ53pZq%2FJbDhFZ9mUpBfdzB3mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe02ccc1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/Notion.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/Notion.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= Notion.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hnIdj7%2BZm6b309Xmjm4uUNCwtLEeA6llWnIXe5dqRxskhk737pxvmZmfsyagq9Q07%2FFBMYTUeWJrmcfoRICDxP0CIQZDcXLCaZYA8Eqt1dhWUptr5rH6L%2BLxwYb2jTH2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5ca11c06-OSL
X-Firefox-Spdy: h2

file.forms.app/sitefile/trello.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/trello.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= trello.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fdl7Cmyt1IpoVmY6OlxkjeYTqd%2FHvD44kasy4kieuxSrQHux%2FiAjn2ezbkD0cHqeseKmMC0j8GdWpRGg%2BIHOZIbYEluVOrtNTn%2FaAe9pLcdgEGLQ28o5nUC7BAwbD%2Bwv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb4c861c06-OSL
X-Firefox-Spdy: h2

forms.app/assets/js/login.fb59ba75.js

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/assets/js/login.fb59ba75.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: application/javascript
last-modified: Tue, 06 Sep 2022 13:06:29 GMT
vary: Accept-Encoding
etag: W/"631745d5-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KzGzhS%2FPFSDbLQaTyq5gKzibLGGUaiwOFIdX5%2F0i%2B44mWvFrFjSrDXU7fCoqsPTdN23L8TJEdvO0Eh5foStm%2Fm0E%2FSK9rKc8WPGaKsBH4%2Fa7K03qrIREpsba3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb6cbf1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/Google%20Analytics.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/Google%20Analytics.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7O7W%2FHslf%2FvxgSpGXIuihMa3KQJYgPwsn7uwXmIePGTenPCwoN9cEDs0BVqFmz9qqxVUgM2FKLUWjiQQpYgn5xdsXMvRvnKRDrVzLajZJNUCGzoHjfjquyMEYx29IkvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5c981c06-OSL
X-Firefox-Spdy: h2

file.forms.app/sitefile/wordpress.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/wordpress.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:11 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Je%2FqQZEPLO8iY1YKt7GN08Tky%2BSQAdMjR%2ByZOi8DEVuCJQaij8mWRMHEhTzvrXj4Nxxgb4lPQ3mnvxzy6d7CDIm5p5Hu%2FK0PRnhgIkmQRANYU2ERj8AdmHAqPWL%2BNV3S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5c9d1c06-OSL
X-Firefox-Spdy: h2

api.forms.app/form/60deff002ca34f5aa4985ab3/view

104.26.7.145

403 Forbidden

0 B

URL HTTP/2
api.forms.app/form/60deff002ca34f5aa4985ab3/view
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /form/60deff002ca34f5aa4985ab3/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 403 Forbidden
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YgCpe636U5I9m8su76MkiPm%2BVL%2BXyPw%2FMDXDCU2neKsqJ2J3jxUJXMnc3qQWgxvIMXvGgREzKCh1Qq3GaP6EFTim12yk1rEHqfDNbtxPJVWYHUO4tNZSY4U%2BZ1pwQLo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe8cd04b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/envelope.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/envelope.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsKiJ%2FOBshMG8wFLhct1lHtOyEXtQfAwDm0BRdmVNopHpz9DwoK24CSlV0%2BYK%2FwtDqcdzveaFTOAMZUx9yAxzfd7voywbAzZFx%2FXDhrb41lkOtQTu4Vz%2BSwjcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb6cbe1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/sheets.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/sheets.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= sheets.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6ZZ4EVWrDTtvqs2ZKlo%2FHGXkAmdVYdDAtPeP46LqgAtMZFut0bvHamP5usyqKymgd6r9cntchLgwWSUNwWjptJwhL7%2FdRyouevEwTHtsOj%2FQKAvQJDSEPK%2Bt91GM5Lm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb4c851c06-OSL
X-Firefox-Spdy: h2

my.forms.app/static/js/dcomponents.15d95.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/dcomponents.15d95.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:45 GMT
vary: Accept-Encoding
etag: W/"6315f4dd-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OV5nweGGGPXn1ZxTMcx%2BMBevK9WKtD22gPUxEgmjHX5sznCg555lIcAchl2PL8Tz1ETeEZhrBQY7pIBMkMe7BByHqFcb3ha7xTgwOYaVx4XxEZ0dAJqd%2FBdVOJTfSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe02cc31c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/templates-resources.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/assets/img/templates-resources.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Sep 2022 13:07:15 GMT
vary: Accept-Encoding
etag: W/"63174603-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tWPpWwIN8p3BY3bfiEEL3IMBHd%2BRSX7%2BzJO%2FbsT2iv%2BHgY%2Bbku26z9Kpp8t1o5NkiXcJyFivEGxE3PVraAzQkNw1ZGPwyaxKkIrp2H25QyFq0pj05%2B4v4AAKfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5cad1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:15 GMT
vary: Accept-Encoding
etag: W/"6315f4bf-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FAnKpywJCCi1RUnFWvLUyVNWLRiJtIUJ1LRMtXctL1yBvVhboiOOR2PQmcpMCKTd1gStJqDJ3UL8vVYWsQMV%2FNXO5dOsiuXWNPJjEE9Ev6JaN6ABWGr5%2BZwegmELaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe17eb21c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/airtable.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/airtable.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDWfD4mUDWm%2FiUHvVA5foW158IcIP0nVYlSHaygVSAj4MfqrTGmmfVzSnzEWngveNjvN8aBzoEk7npFZEt2WgS%2FYMTwc0WHLs3sfo9aYamLusDGwngNfOljA5C6Hdf7m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5ca21c06-OSL
X-Firefox-Spdy: h2

accounts.google.com/gsi/client

216.58.207.237

200 OK

0 B

URL HTTP/2
accounts.google.com/gsi/client
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Tue, 06 Sep 2022 15:20:11 GMT
date: Tue, 06 Sep 2022 15:20:11 GMT
cache-control: private, max-age=1800
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-lhHezn8TU6nn7AIowolasw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/form/60deff002ca34f5aa4985ab3

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/form/60deff002ca34f5aa4985ab3
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /form/60deff002ca34f5aa4985ab3 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6y5z4J8aR4PR0x5yrYWSH%2FLxpmAi%2FFgYW82MAApO9vuKamyz3U5AnHozgR4u%2Bo36a7qq2q873%2BB%2F3Rwz2JUpKdEf2ayTyZA1MFbgpNOFLQafgPKNcrkYvA2r8RT3tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fddea551c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/img/logo-home.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/img/logo-home.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YxCs7Tnq%2Bg8%2Bx0YQvYvAfXtW7MxVmJNvIcMakgq1uEsXJLTrmSbhEtyZGJ72UgcULG3SfyXVu0xgH%2BKzw42xuJ2kP5oZzeXMqHHDu7Fbs%2F7t37UF4PwN32DaN4CMgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe9ca751c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vj%2FAdLf3EBcaEfPKyj6feakcYipHubCFBVLer15y49uBbOlHPSCVv4Y%2FsK7XOM99Se8JmV5yaeortvlePEFQnA0i505CuUH0oG4Y6EcC%2Brr75LsSntQEjdOTxiE8fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe1aef21c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormView.7077f.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormView.7077f.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormView.7077f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:43 GMT
vary: Accept-Encoding
etag: W/"6315f4db-a2e4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CERlWtPZYReqbau6htp%2BFfluV9hXY%2F1%2FASRmFBNC3Oo%2FvhOuOaB3VqfVDQATLLxEb5x9oKh4oFbLJt35k6jYj%2BP7qy%2BRM9DCkpzDv9dOiJJhlNRYJEdYfjnihUzyXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe1bf0a1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/slack.png

172.67.72.65

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/slack.png
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/png
content-disposition: attachment; filename= slack.png
cf-cache-status: EXPIRED
last-modified: Tue, 06 Sep 2022 11:50:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bK4ErUkADLSg3xIyIUBQDHv2NK0c72vE8fjDwB8gi3OSDOuvT1%2BIG9cjoTuNw4Q%2B5WY8OFmOJoNPSzKuk4e%2F1DgLeDqk27CujclWYLxmYFQ%2FKnViD3ioeBmARAbOfwpO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb4c821c06-OSL
X-Firefox-Spdy: h2

forms.app/cdn-cgi/rum?

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/cdn-cgi/rum?
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiMTRkYzAyYzZjZWIxZjViNSIsInRyIjoiZjUxM2Y3NTA3MjM1MTA1N2I4NjRlNjgxYjBkODhiYmUiLCJ0aSI6MTY2MjQ3NzYwNjU5M319
traceparent: 00-f513f75072351057b864e681b0d88bbe-14dc02c6ceb1f5b5-01
tracestate: 2885732@nr=0-1-2885732-286479549-14dc02c6ceb1f5b5----1662477606593
content-type: application/json
Content-Length: 15675
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.1.1662477605.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99; __asc=bf5002a018313631b4c277a9bf1; __auc=bf5002a018313631b4c277a9bf1; _fbp=fb.1.1662477606533.1384857729
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:12 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74682ff47e6f1c06-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

api-iam.intercom.io/messenger/web/ping

75.2.88.188

200 OK

0 B

URL HTTP/2
api-iam.intercom.io/messenger/web/ping
IP
75.2.88.188:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:13 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1662477620
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: 9a5a4049e80edb0337d8274b344e8fe033802f11
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0009hvlev4dusa73nrqg
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"550866aad859bfd92ca2569458f5951a"
x-runtime: 0.571807
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0359a879b27fffa05
X-Firefox-Spdy: h2

my.forms.app/static/css/iicon.8278c.css

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/iicon.8278c.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOrgjdy7quBfylDe%2BCjLip4XHjnEKt6FsI%2BuEEbav6dtpZHgKShVUzKRXl1F3cd%2FiTqz3HNbu4%2BW%2BqcXEdKA4rI33gKstU9YNmxBwO2rp6A9r8MU2oWdAdtFquy%2Flw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01cb51c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

172.64.156.26

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
172.64.156.26:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 74682fe049110af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

my.forms.app/static/js/vuelazyload.45220.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vuelazyload.45220.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:44 GMT
vary: Accept-Encoding
etag: W/"6315f4dc-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLZMpO%2Fnfv%2B1hW0TZl1acqBuFt1zX2zpEXBAAmMzcurqfiZbr%2FmwMOoqjeZJ5FSGa5BSzxvPIfGYYP%2BNyDIrBbNHlsdkN05%2FUhszDISFk7cC82te2UzSHUvHu3Equg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe17eb61c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/app.aae1e.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/app.aae1e.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/app.aae1e.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:24 GMT
vary: Accept-Encoding
etag: W/"6315f4c8-3ee9f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLMuy9B8AXTjYnLBlcr%2BNsssf7ah3H8Rn4ph1WTKWbbAazaTmYAgJn3o%2B4y5KdlTE2svl3lQQXBXty0tB7ma4IVPA5RdBHx4sjmrbYUHc%2BK0uLU0eYgYZYCCSvvjNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01cba1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/google.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/google.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuz1v3NM3jQ2RV%2BylTtVqp2S3UO3%2F%2BdpUlpUPc1lYQN8Ua9aPbEWjmSzOq03mJtfk94z936%2Fo%2FhyHPMle1i7OeHOrHFastkvHREaHG09CciR%2FXQmmF2FvVmxTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5cb11c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/apple.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/apple.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7mncYMee%2BdEt6BRsOJtxa6kry8KJT%2FgW8G%2FadbWZddw%2BFupE4Sa2frT0NsuT0qqD7iuvHdExgWAQRhjDcraTr2BvmPgMk%2FoEDuSkEK6kIPeVfr4zfSL7mcW%2FGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb6cbc1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/asyncstyles.4869d.css

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/asyncstyles.4869d.css
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFqUCUzH1Kn3AtbMml9Eo83RkCBI8NEL4UgJq2uFZDxZ155kC5DsmqVAfdnfYD405gwuk7LPZx5POLxXzGvL7E%2B5h3r%2FS1uUcdcu5fVUDj1qR8nBgDoXpm81rkDzqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe01cab1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/logo-home.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/assets/img/logo-home.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Sep 2022 13:03:07 GMT
vary: Accept-Encoding
etag: W/"6317450b-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAA1EIu9fhA783b5ApvcRPaMiJQZJYru%2FgtrEchNsatVaod0d%2B7f22jhPkY0suSWG6jX%2FZlDOi%2B2FCnWd5nJGwF8ZoQ0TRpZaAu2bhRiURztQw69UyGqZFPA8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb3c7b1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/blog-resources.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/assets/img/blog-resources.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Tue, 06 Sep 2022 13:05:43 GMT
vary: Accept-Encoding
etag: W/"631745a7-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9zxrRjTzQSmVmB%2FWAEEJHsKit7f8WHiGsfJONbkLHyUIGcNNqAEg38sEVqPhqPJJFHDSiGe1htQ5TR9oGpfNnqgh1xrhOkdRvWMuHg49%2F8aFOmMGKJQgULvhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb5ca31c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/facebook.svg

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/facebook.svg
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2BJJpyxlfuoFSqIDqulsPMlFJnZ252zRVH913j4myUAuJIzRHayqCaZRKVTig1zm0fOch3rnk4zR0T7dpKRh7FvbszqvEradTKPRWfe%2FkqXjV9lBSrdt3Ptalw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682feb6cba1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/phishing

172.67.72.65

200 OK

0 B

URL HTTP/2
forms.app/phishing
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.930668718.1662477604; _ga_740JKHV4FZ=GS1.1.1662477604.1.0.1662477604.0.0.0; _ga=GA1.2.1709777626.1662477604; _gid=GA1.2.735807589.1662477604; _dc_gtm_UA-123158574-1=1; _uetsid=62525b202df711edbdb66d9c0088fcde; _uetvid=625276202df711ed96fac1c539591a99
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:10 GMT
content-type: text/html
last-modified: Tue, 06 Sep 2022 13:05:35 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKaRs5F5YdMMu3%2FxMtm1CPMBbVgU5mOy75zXx9CQeSN0TH4CLho0Y%2BzS8C8ai1fBfBAX6XI0xzKbVoc4KdyX2%2FIQll%2FYRUeabvvDMrIv08ENCvWCj%2BeaYUcSxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe99a501c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/runtime~app.1ad07.js

172.67.72.65

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/runtime~app.1ad07.js
IP
172.67.72.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/runtime~app.1ad07.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/60deff002ca34f5aa4985ab3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 15:20:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:16 GMT
vary: Accept-Encoding
etag: W/"6315f4c0-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hpIvJIbcK%2BXuvUCLvF3BpDTbNIykVZXFbfhxtksyPZ0dsRchVRZJ2B37%2B8xlCbt8h3Tru2YasfQngzi1Eu2RzeqwUJzt5wwg91QMVSWQDe%2BESEaJAQFM0dRDX83qAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74682fe02ccf1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations