my.forms.app/jenetwood/untitled-form-1
104.26.7.145301 Moved Permanently 0 B URL HTTP/1.1 my.forms.app/jenetwood/untitled-form-1
IP 104.26.7.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /jenetwood/untitled-form-1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Sep 2022 09:19:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 10:19:40 GMT
Location: https://my.forms.app/jenetwood/untitled-form-1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=avJBcq7qsgfnKTOq6YF1aCe8GTNVIohxCkHJODSQy9u6FOtR%2FvL7SaFsmp3tKt7MhtiqfWiIuID09aoGQ2MaSCbw4ddjef2hWJ8OpBRl8FK%2BGZ6rqLZlevQBR0TObQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74769a985c79b518-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 09:10:02 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eeS-fqlO7LDLeqkOuYRQuQ6KSACrFc9keraCMmjFUCBEL_sR2cAnlQ==
Age: 578
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9012
Expires: Thu, 08 Sep 2022 11:49:53 GMT
Date: Thu, 08 Sep 2022 09:19:41 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uoJ3s-PNBvL1qjQbvpSReJNtCqntZ2XB8jn7vqPy0dK5_ih717I5xg==
age: 19987
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
my.forms.app/static/css/asyncstyles.4869d.css
172.67.72.65200 OK 2.2 kB URL HTTP/2 my.forms.app/static/css/asyncstyles.4869d.css
IP 172.67.72.65:0
File type ASCII text, with very long lines (9557), with no line terminators
Hash 5b57482adc183888c905493300c47b41
fc16ac183830121aae4a86fa1baebc0ae8892515
428619428a9093f726705180a51f6f98d66c243a59154ee55af62ba7d7ec4c02
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGd10MknjADf%2Fui29FMHbU4vS1%2BWklI0vmwr5wOrlYp8XzZsZ70P5mqvqeHTAqAe9PVjS5WQlT8beuQ5UMKbUrrDxFbxCN8pnS93KaH2lkctpukR67EFBjlR5Va6jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c0c06fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
142.250.74.72200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP 142.250.74.72:0
File type ASCII text, with very long lines (15501)
Hash 819a551cf8c8d0978094996f6f99abdf
df668b798876e15f35ebd27fe02b03a7d19220c7
79d02c51ab9f21ab87ab5cfb7ebd4c11179c915bbbf2808ad06b6543fbf6462d
GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Sep 2022 09:19:41 GMT
expires: Thu, 08 Sep 2022 09:19:41 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75355
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de50d39318f58f490483c86aecd38e4c
f92177f493cb7bab9c5ce67f6b41f9214920907d
8bca037d0d46ddd72b4c1bbfc2829f96bc9e7bfb28724af3010f1441d14b7180
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 08 Sep 2022 08:38:18 GMT
Expires: Thu, 08 Sep 2022 09:06:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xE4AMWK2j8TmcHu83ZVfeeayRzNBzppwvdQimwRJQOBKowjz0datYQ==
Age: 2483
my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
172.67.72.65200 OK 900 B URL HTTP/2 my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
IP 172.67.72.65:0
File type ASCII text, with very long lines (2713), with no line terminators
Hash fbec9305e924bf4975bf3c0c61d34878
9b277f735ba5380c4d82c6fd64bd6f3c45335857
0ddf187c19ae14771f91f470ed14b1debec3baa5c674fb78cba656eab790fa14
GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:25 GMT
vary: Accept-Encoding
etag: W/"6315f4c9-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BrckEd8bJtn9COgkJxWjFug4%2BYWioRHvf7ZFmO6r6QK5T359yBQn7E9fjWVkgjIRA3nU3oz2quAvKklptG3%2Bf7ZrBuy1VUlT5ovcDS0%2FaM%2FJPHLB5V8BBKSTnOYuqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e4d94fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.forms.app/static/js/asyncstyles.7792f.js
172.67.72.65200 OK 63 kB URL HTTP/2 my.forms.app/static/js/asyncstyles.7792f.js
IP 172.67.72.65:0
File type ASCII text, with no line terminators
Hash 43682bf865ec9defc56fa6daf65b25e0
6725eae5548e23a8f6e9c4f3697f2bba37e26237
7e396bda23643d2ac4d8f43fc8283797053380765d158d8370af4640cc5d750d
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:37 GMT
vary: Accept-Encoding
etag: W/"6315f4d5-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1p8TKqZAgEvkE9Zpkbhx4AY1PEQclPS797%2BhB4NRes6IiPpyfph5iX6JFoAJNC9mn5Bc47iKE2LMOL3nKpfe3I876kP1jqY4jj4LqAL5djTHgpxSAkzr8B1t7J1fYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c1c16fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4406
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:41 GMT
Last-Modified: Thu, 08 Sep 2022 08:06:15 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
172.67.72.65200 OK 130 B URL HTTP/2 my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP 172.67.72.65:0
File type ASCII text, with no line terminators
Hash e4f43a5c26ac15109b72b753d2f7b098
78ec17c6183ca8077ad2b13659bcb014dfb13206
c964090fb60f23b0b0d4a3f4d56f6aa9072a7d27fca4faa47e4a3317d58ec1b4
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJxn7EnzOYJJnZqZQ45%2F8bQwc7ClO6WWQFpCd1rTVdFB4DnMuKB%2B62%2BCBqpRJ6CnhdKWnWgSRZwI4G6HBh8HzGsj6IQLy4Tahj0e0yVJsI%2F6U495Yi%2FYkCW%2BLEp0XA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e2d7dfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 175721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.forms.app/form/jenetwood/untitled-form-1
104.26.7.145204 No Content 0 B URL HTTP/2 api.forms.app/form/jenetwood/untitled-form-1
IP 104.26.7.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /form/jenetwood/untitled-form-1 HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 08 Sep 2022 09:19:42 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWULksR%2FOarwl1LrWgIlhhhkvSwjfJzoEw0V1%2BE%2BU0XNc%2BARd8J0XG3m2WviGuDKM1gTzzAMylqcQQTd9Ylk77x4PlNqc%2FiPV07fEpj998ww%2BxRJ6oso68vhBx9%2F4%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9f28c1b50b-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e4410b7b84c93f14f74d8fef364b840d
37303eaf19049d2ceb48581b9c990da5882dc7ff
d5276336c0a032fe9dfb73c1faff240132cbf073d621981b57c9c2a77d553afd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.238.3.246101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.3.246:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /O38Dgq1spRSlWBhgPwQ7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Cv2k5mAw+x/KyiA+AiN45C36zKQ=
my.forms.app/static/img/form-disable.png
172.67.72.65200 OK 9.9 kB URL HTTP/2 my.forms.app/static/img/form-disable.png
IP 172.67.72.65:0
File type PNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data
Hash 284c5d4bb722101d9ce5f925f5c0b9e7
c610bce010897692b228623b36a8da6e78ade7f5
d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650
GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/png
content-length: 9896
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
etag: "6315f4bc-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ktl51NUrEZiMA4%2Fu0pS7qXOsr7B3zVegCLLT0CFNxYej3wDHJ%2BaPpxizdSru11iKUtYrMYRXIzfQq42sVP6akXegLUGZ3lUERxC5W2tpam6V8Pvbsm3JkqprHqHfhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa11ffffac4-OSL
X-Firefox-Spdy: h2
forms.app/phishing
172.67.72.65200 OK 29 kB IP 172.67.72.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31063)
Hash 0de8d38f51c8d625b7165153eb19a05a
54aa71da574c16f637294b8e88d6c22bb7b170da
45a8117f29061e0ff849d1cf681bdaba5d03cb85f050fe0617eda567518a1400
Analyzer Verdict Alert fortinet Phishing
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: text/html
last-modified: Wed, 07 Sep 2022 10:12:56 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tbMA6yZLi9TpzAbM3FPztAZfbPYSaynYI8i%2BZqSObTyKqKdf%2FZXtg9jjxS1AM%2BJuMCZWQc981ZyBVYORWaE7fcpb%2BE%2BUm%2FbDQy%2BfG5PiYtgkYJMEaB29she6cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa10ff4fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/form-builder-blank.png
172.67.72.65200 OK 34 B URL HTTP/2 forms.app/assets/img/form-builder-blank.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cda661faf5e60e281e5f56067e7909db
324a0323af79f3142387d4761198f9ace2d78b3d
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
content-length: 34
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=149
content-disposition: inline; filename="form-builder-blank.webp"
vary: Accept
etag: "63186f49-95"
last-modified: Wed, 07 Sep 2022 10:15:37 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmSCM8ZXeoohX%2By6f1C1bdfjYs0%2F5jMGtyfDcCYf60et5Y06YIV%2FxzR5fF4SXRiIRo4QE6G5cALJZ0tHY58M8zyeVxp5He%2BxQ6Xoy3j2Xv%2BdiFuly97q2uFEfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa239d5fac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/WhatsApp.png
172.67.72.65200 OK 23 kB URL HTTP/2 file.forms.app/sitefile/WhatsApp.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8316aca3c11cd39f843be5b1611eee48
40737844e620fe2288fa35b1ea8b1f82b5da84f7
65471e4de1139239c496983c9c9329bdbbf6616969600275312294fb65e29dc2
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6737
content-disposition: inline; filename="WhatsApp.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2VomrANR5dOBmdwJnPgs7JhKsrnDcRVZMjO6isVuH5gT070DLLNMrs5GQhQg%2FM61nK2gzr1FfGsoNqMHk5nAxVpz8afGrr0Aq%2BS1lYozzMX7fV4yExXl8W%2FV%2BZC6yof"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219bdfac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/airtable.png
172.67.72.65200 OK 29 kB URL HTTP/2 file.forms.app/sitefile/airtable.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e323e0310450919e41974161d763d842
eb728a19e7bd7b551bbd0333453dfbf63b8fdfcc
b15a3b14b3ab3fd58071c4b4bbb27ba77f87d4b4cb26263419734ee119594279
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=7872
content-disposition: inline; filename="airtable.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sQyxDMjL26PzRrPGLwYp8eh3%2BBpdVuFu7vapG%2F%2Bdc6DpXa1yQNgiSBzbAMnzYq2aDRLuFYewIq%2F9%2BPH%2FauPOeOUhpmifOTLKuZKeG6yDA2Wn0eihpk%2FdnQEfFMt%2BHSUL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa229c8fac4-OSL
X-Firefox-Spdy: h2
certify-js.alexametrics.com/atrk.js
143.204.55.36200 OK 4.3 kB URL HTTP/1.1 certify-js.alexametrics.com/atrk.js
IP 143.204.55.36:0
File type ASCII text, with very long lines (4255), with no line terminators
Hash d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: k5TbdB-ZHUtiIB6cqay5vD2Y3vS9oubguCXS2ShxYMKLAjV1nKT6ig==
Age: 2265459
forms.app/assets/img/logo-home.svg
172.67.72.65200 OK 6.6 kB URL HTTP/2 forms.app/assets/img/logo-home.svg
IP 172.67.72.65:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 15a8f8beb186f9ce681effb850c92c62
6aaeff7385c7b52c8f8b5c0d7d4c86a5428d5b4d
a64ee1bbc0e15113b97a3892083908b0998d78e9834b5f57dc4532db65033a76
GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Sep 2022 10:13:56 GMT
vary: Accept-Encoding
etag: W/"63186ee4-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PNCmwGd118eILAhAUnFbAqelwf3ioNOui9cvio4M%2Fu6hkowTZ%2BT7vrf5CJ7RrOhfEJulhlrYPkXIsqMy0E3PzJs3RaiPbb6Gd9bZX37Cj8DYQ56J8MmAGRjkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219b2fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3b01a4e1b6e61ede809b68f3b0f21803
f2756ddd77a39e3cd0be033bfefe493b943c65ba
e1f45a9ed2fefd1cd157f7ee4d04c18f5a3c653718b75a65204ab1ba6045247f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oe8v0&_p=850542480&cid=166827851.1662628775&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662628774&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fjenetwood%2Funtitled-form-1&dt=Contact%20Form%20%7C%20forms.app&en=page_view&_fv=1&_nsi=1&_ss=2
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oe8v0&_p=850542480&cid=166827851.1662628775&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662628774&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fjenetwood%2Funtitled-form-1&dt=Contact%20Form%20%7C%20forms.app&en=page_view&_fv=1&_nsi=1&_ss=2
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-740JKHV4FZ>m=2oe8v0&_p=850542480&cid=166827851.1662628775&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662628774&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fjenetwood%2Funtitled-form-1&dt=Contact%20Form%20%7C%20forms.app&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://my.forms.app
date: Thu, 08 Sep 2022 09:19:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 721eb245d022db7af3e30ad4e6b94226
4a53b4e9ad119295498594089826bddea4d0b9a6
6f350e89f4e7a0cea74c003493ea950c768ffcbea234bcf68a818b60842a2f3e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.app/static/img/use/svg/apple.svg
172.67.72.65200 OK 6.2 kB URL HTTP/2 forms.app/static/img/use/svg/apple.svg
IP 172.67.72.65:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1042), with no line terminators
Hash 5ace0799a2ca6ff35150f4e9a03ee5f4
b101857110fff0179581d75ddfa2c66419559047
2bb8a94449a8327c33bb808b3b4f08d527f79ffd04a8b786a6edefcfc645ecd6
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRbi2iCyW4xRx8BgfSLotqFl7CWQhPbpLq2c3l9JzGOzjRJXBYUvnr0thbJPNsy5neU3cHldPt4Izhp33TOi3a2tZwfJh%2BQkSrdhXR47OVq3WDYFMmKM4iKx5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa259ebfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/icons/favicon-16x16.png?v=1
172.67.72.65200 OK 916 B URL HTTP/2 forms.app/static/icons/favicon-16x16.png?v=1
IP 172.67.72.65:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 7b4d7d6e0968fe900568920543a5876e
c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 05 Sep 2022 13:08:26 GMT
etag: "6315f4ca-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bz72cMJ8wYnzsyAxh0iH48JMRM2UTH3m00zKkjxob8bWIew%2FD6exvK29db6KQvwb1FU%2Bee0IxUwHzWhO4bH9jknFjPAUR9Wa65YpU5IsyUtYoZymgngj3AD48A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa33aa4fac4-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
142.250.74.10200 OK 17 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
IP 142.250.74.10:0
Hash 48941b2fd40750a40e32e6202d539358
b2b8a26208a4db2bd4918287a1972563a6fb0242
bc9e2806afe5b17347fd95ebddb8361f2f99e943ebe54c6fd89a007117eae209
GET /css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 09:19:41 GMT
date: Thu, 08 Sep 2022 09:19:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/gsi/client
216.58.207.237200 OK 75 kB URL HTTP/2 accounts.google.com/gsi/client
IP 216.58.207.237:0
File type ASCII text, with very long lines (1027)
Hash e1875cf36c071259f4cf9a6876b2f6a8
754e646cca151895be91bf313cb9ab31f9d4cbfb
f2f2c033bf180eaba06126657fd523a23c3ed4948ea8941ff6b2a9a9c8f11f40
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Thu, 08 Sep 2022 09:19:42 GMT
date: Thu, 08 Sep 2022 09:19:42 GMT
cache-control: private, max-age=1800
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-i6_RmlQGsUABH_7xWSUY2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 08 Sep 2022 09:19:42 GMT
expires: Thu, 08 Sep 2022 09:19:42 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662628775144&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2670795453&sess_cookie=172443581831c65c4e7d5d8fe7e&sess_cookie_flag=1&user_cookie=172443581831c65c4e7d5d8fe7e&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
54.230.111.66200 OK 43 B URL HTTP/1.1 certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662628775144&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2670795453&sess_cookie=172443581831c65c4e7d5d8fe7e&sess_cookie_flag=1&user_cookie=172443581831c65c4e7d5d8fe7e&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP 54.230.111.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662628775144&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=2670795453&sess_cookie=172443581831c65c4e7d5d8fe7e&sess_cookie_flag=1&user_cookie=172443581831c65c4e7d5d8fe7e&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 08 Sep 2022 03:28:58 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: euQ3LOuSBnIM7DAsID7eKN8Z15d9LFNK1nZyz_9IDd3RKMsZAWFztQ==
Age: 21046
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4049a171741a68f3c780a01a3e82bdd9
77360db35db8479fa2247f9253a76637fad08c9c
5f985355f8cc8ab88d56b7fff6009f1ff330fe39de6d131711be352c44a1c0ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5478
Cache-Control: max-age=102241
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Etag: "63188aaa-1d7"
Expires: Fri, 09 Sep 2022 13:43:44 GMT
Last-Modified: Wed, 07 Sep 2022 12:12:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Thu, 08 Sep 2022 08:41:12 GMT
expires: Thu, 08 Sep 2022 10:41:12 GMT
cache-control: public, max-age=7200
age: 2311
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=37319860CCC9678500FF8A79CD3C668D; domain=.bing.com; expires=Tue, 03-Oct-2023 09:19:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 21CB2DE7F8D1456D876723CFDBC074F4 Ref B: OSL30EDGE0216 Ref C: 2022-09-08T09:19:43Z
date: Thu, 08 Sep 2022 09:19:42 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: qYabh/KpKgCOpGiWo088kMG4hNnT7htiMitSM32yqrGV96N4Gs1Ya/OxS/UB/bNQ7eoSLiOUhYhXpiZ8invRCg==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1904183273
date: Thu, 08 Sep 2022 09:19:43 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4049a171741a68f3c780a01a3e82bdd9
77360db35db8479fa2247f9253a76637fad08c9c
5f985355f8cc8ab88d56b7fff6009f1ff330fe39de6d131711be352c44a1c0ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5478
Cache-Control: max-age=102241
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Etag: "63188aaa-1d7"
Expires: Fri, 09 Sep 2022 13:43:44 GMT
Last-Modified: Wed, 07 Sep 2022 12:12:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 6e71d9946ab9df275f88abafdb60b3f1
dd7a112a0e07d0e01da4b530df237b1ba96d8159
eda20f83d7319d50adcc6c7756afff6d86a9e47545e34dc5037492c437cee8a3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 09:19:43 GMT
Last-Modified: Thu, 08 Sep 2022 07:59:05 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OjTxlXkKRgKD7JE6QmFDCHNXJVGr9L1OdvmAaA--x6lwUSeeVAZJGA==
Age: 4838
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662628775153%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQKFUCxZOk2trwAAAYMcZeQw7C01wpXZD-hoeGwhZXUS-kepR7kzo0k2ksTxVARDPYoAtUIte-kwXA; Max-Age=2592000; Expires=Sat, 08 Oct 2022 09:19:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQKp7OKOWGZfVwAAAYMcZeQwSBXWQQPVW6eo2BOAfzLhryHEO2_i-pFCjIe5yXwW3Lwx3cZ1Yxlzk5SYdAJKiw; Max-Age=2592000; Expires=Sat, 08 Oct 2022 09:19:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&6f634812-eaf8-4eaf-8e87-bde92b5bfa52"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 09:19:43 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2378:u=1:x=1:i=1662628783:t=1662715183:v=2:sig=AQH8SfLSocroMJhzWNqFBjqoMmT2YOKC"; Expires=Fri, 09 Sep 2022 09:19:43 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-source-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoJu4CxjifvxmSQN42oA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 308E3303B394486B958712B05E75248B Ref B: OSL30EDGE0109 Ref C: 2022-09-08T09:19:43Z
date: Thu, 08 Sep 2022 09:19:42 GMT
content-length: 0
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=4ddebeed-afe1-4b30-9add-a33ffc5f9841&sid=5b23aa802f5711ed84d5e193b575598c&vid=5b23a9d02f5711eda7a4851fc7f157ec&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=361&pt=1662628774714,,,,,0,0,0,0,0,0,47,147,147,150,355,360,361,,,&pn=0,0&evt=pageLoad&sv=1&rn=90068
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=4ddebeed-afe1-4b30-9add-a33ffc5f9841&sid=5b23aa802f5711ed84d5e193b575598c&vid=5b23a9d02f5711eda7a4851fc7f157ec&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=361&pt=1662628774714,,,,,0,0,0,0,0,0,47,147,147,150,355,360,361,,,&pn=0,0&evt=pageLoad&sv=1&rn=90068
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=4ddebeed-afe1-4b30-9add-a33ffc5f9841&sid=5b23aa802f5711ed84d5e193b575598c&vid=5b23a9d02f5711eda7a4851fc7f157ec&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=361&pt=1662628774714,,,,,0,0,0,0,0,0,47,147,147,150,355,360,361,,,&pn=0,0&evt=pageLoad&sv=1&rn=90068 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1088C803EB776494323DDA1AEA826522; domain=.bing.com; expires=Tue, 03-Oct-2023 09:19:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE44630BBDE440EDBAA2DFBA8C03210E Ref B: OSL30EDGE0216 Ref C: 2022-09-08T09:19:43Z
date: Thu, 08 Sep 2022 09:19:42 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c35a376c0e9620e600bbab87a4b93b86
d25ae8da4874fbe7d074f9e00a63ba4c0c637ef0
e214919ef42b09adfc38db575c0b2682ce0ed83b63763863884f1c369fadf14a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662628775541&cv=9&fst=1662628775541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=426785227.1662628774&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662628775541&cv=9&fst=1662628775541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=426785227.1662628774&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2304), with no line terminators
Hash f43096375ce12239b16693d19a2c0f74
7b29016cb43c1d10b1197808d8ad49908bcde836
86c47b7e4b11ed415a2124fcbb37ef3b4af8f550bb29e3a2f5bde74d9692293f
GET /pagead/viewthroughconversion/587928374/?random=1662628775541&cv=9&fst=1662628775541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=426785227.1662628774&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 09:19:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1038
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Sep-2022 09:34:43 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 745359d372160932e8030c0199354252
1590e053a17d05095a48538fc08ff06245bac4d6
e7f798120d5e587145e512941e7c090ec2720d30d216e241f5b6f96d5b2d1241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=166827851.1662628775&jid=903823166&gjid=1653203617&_gid=1572202111.1662628776&_u=aCDAgEAjAAAAAE~&z=1278969642
142.251.1.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=166827851.1662628775&jid=903823166&gjid=1653203617&_gid=1572202111.1662628776&_u=aCDAgEAjAAAAAE~&z=1278969642
IP 142.251.1.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=166827851.1662628775&jid=903823166&gjid=1653203617&_gid=1572202111.1662628776&_u=aCDAgEAjAAAAAE~&z=1278969642 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Sep 2022 09:19:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c35a376c0e9620e600bbab87a4b93b86
d25ae8da4874fbe7d074f9e00a63ba4c0c637ef0
e214919ef42b09adfc38db575c0b2682ce0ed83b63763863884f1c369fadf14a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
54.68.88.222204 No Content 0 B URL HTTP/2 redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP 54.68.88.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Sep 2022 09:19:43 GMT
server: Server
X-Firefox-Spdy: h2
bat.bing.com/p/action/137024713.js
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137024713.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=315A86881C0568B70F4194911DF069E3; domain=.bing.com; expires=Tue, 03-Oct-2023 09:19:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0B2D9DF787584F8798B4D8730C1168FC Ref B: OSL30EDGE0216 Ref C: 2022-09-08T09:19:43Z
date: Thu, 08 Sep 2022 09:19:42 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662628775873&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662628775872.1933880118&it=1662628775644&coo=false&tm=1&rqm=GET
31.13.72.36200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662628775873&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662628775872.1933880118&it=1662628775644&coo=false&tm=1&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662628775873&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662628775872.1933880118&it=1662628775644&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Thu, 08 Sep 2022 09:19:43 GMT
expires: Thu, 08 Sep 2022 09:19:43 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 745359d372160932e8030c0199354252
1590e053a17d05095a48538fc08ff06245bac4d6
e7f798120d5e587145e512941e7c090ec2720d30d216e241f5b6f96d5b2d1241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/587928374/?random=1662628775541&cv=9&fst=1662627600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3684769670&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/587928374/?random=1662628775541&cv=9&fst=1662627600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3684769670&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/587928374/?random=1662628775541&cv=9&fst=1662627600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&async=1&fmt=3&is_vtc=1&random=3684769670&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 09:19:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=166827851.1662628775&jid=903823166&_u=aCDAgEAjAAAAAE~&z=2026876598
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=166827851.1662628775&jid=903823166&_u=aCDAgEAjAAAAAE~&z=2026876598
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=166827851.1662628775&jid=903823166&_u=aCDAgEAjAAAAAE~&z=2026876598 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 09:19:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:19:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12689
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12689
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12689
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12689
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:19:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12689
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:19:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c870cb13eb9cbc6e3cb66814dc06a157
b469f24dbfe01ee68650ef1b0abd6badb83e3325
d4dc98f6d2d86a94c85056797a4efd9ab938651fb06bf421c661b78a5c9d9319
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4570
x-amzn-requestid: c8acc548-6455-4951-9ca0-245a1c3bdf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VYGwEoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f55-58f59c61714ed9761d39c8b4;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UiG7UKRQy_MGckOpAsfoV4PUZZ2o8ko7Q6hqeYlzo5XS0874Cf2gxQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:02:08 GMT
age: 40655
etag: "b469f24dbfe01ee68650ef1b0abd6badb83e3325"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 124a0c0a970006aa660031b5e0ec70d9
3dcd7b5ca2cc9ab604df554b341d1e08bffaa3d7
14c5c6aaf110c123037eb860ecc9d386d46af55fe54cb50f9d1ad430f7e0c516
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11972
x-amzn-requestid: e71daf97-7463-492d-b55a-0eab022d8b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0nI2G1tIAMFk2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311b89e-7d6c6d1769649d371c505453;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 08:02:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CVslihJ_SzJfBy6r_KYoG3lktlOhTpwmLfd0X9WQNQLvbSxK7YITCA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:20:13 GMT
age: 39570
etag: "3dcd7b5ca2cc9ab604df554b341d1e08bffaa3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 036db462684c81e3906433a0d2929eb8
7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d
a252f30f9239f6a343b23c9d3e1d1b7460c5ee5a592d3372bf124760baa6e657
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8246
x-amzn-requestid: d1a11f7f-22b7-4fc1-b33d-402e5bc3af33
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgEx4oAMF-pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7305dd7653fe38c9445e02a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: PA6CECu22n08hUsg1usYAy2YARZu4b0C0Lb9Rfh5RCKL3m3DDEWewg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:47:05 GMT
age: 41558
etag: "7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cd778a615e9a4ca3a25119790398434
d6daca74fc85d39274b3c7536f34528bef93ae97
e6b5a7a525e314e09c30985b22da7c34806df09cbe98ad52b00dcbf93a0dc054
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7251
x-amzn-requestid: 26b2021a-4440-47ce-8dba-d971cae60cc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bmHcmoAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-5471edce7de2374c3b8af888;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: d3MrDEyDFDylQKyfxONQ12_7IBvRAg8o0rSZ64WNRGNvDHqQyDmqJA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:17:17 GMT
age: 39746
etag: "d6daca74fc85d39274b3c7536f34528bef93ae97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: MG4_YJuVqfSCQ80FTdo5XU8xIi74XtILVbIQAbByh54QNOoMJCyS-Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:47:05 GMT
age: 41558
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 675756a44be6f9bbe341fa4c866c941b
6502050805e53baeb44d82e55d4b15b82e34d2eb
cd1d16b5feefddfd89ac4bfcff21e80c49f07b0428aa57e8de365974f813e755
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8820
x-amzn-requestid: e2c909d0-f781-48e6-805e-a43940e67c4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG_LpG1OIAMF_8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319124a-37f3458a2905bd947cf01f93;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:51:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BEn2J8F8SsnyrLeWv5W6QDPn21ZjNXH3I0B2kUJYpgdMVp-88pb5rw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:17:34 GMT
age: 39729
etag: "6502050805e53baeb44d82e55d4b15b82e34d2eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662628775153%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662628775153%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662628775153%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&c4a29f22-c579-48df-8232-4f4439860c7a"; Domain=.linkedin.com; Expires=Fri, 08-Sep-2023 09:19:43 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&2022090809194334c27998-5297-4d64-8298-339f95676babAQEwPV85F56TabiJNApHbYXs0q4B_HQl"; Domain=.www.linkedin.com; Expires=Fri, 08-Sep-2023 09:19:43 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI2Mjg3ODM7MjswMjHjMeirj+oOdAq6BA8PBaOOUJKhSE9RxxT/EJog6XotNA==; Domain=.linkedin.com; Expires=Tue, 07 Mar 2023 09:19:43 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2378:u=1:x=1:i=1662628783:t=1662715183:v=2:sig=AQH8SfLSocroMJhzWNqFBjqoMmT2YOKC"; Expires=Fri, 09 Sep 2022 09:19:43 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-source-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoJu4IdB6LE7UKWe778g==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 85AC2482971441C89D9BA865CB6384FF Ref B: OSL30EDGE0109 Ref C: 2022-09-08T09:19:43Z
date: Thu, 08 Sep 2022 09:19:42 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1662628775153&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&8b5227d3-f32b-4ae5-8f2e-18e530b1c2a6"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 09:19:43 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2377:u=1:x=1:i=1662628783:t=1662715183:v=2:sig=AQGNkbtEyOPkgRrOroiDH5cOIW0pcYkm"; Expires=Fri, 09 Sep 2022 09:19:43 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoJu4LxzvjlH6huKcYKw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9D37FF92641247B79C75A29E51AC2D56 Ref B: OSL30EDGE0109 Ref C: 2022-09-08T09:19:43Z
date: Thu, 08 Sep 2022 09:19:42 GMT
content-length: 0
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Sep 2022 09:19:43 GMT
via: 1.1 varnish
x-served-by: cache-bma1625-BMA
x-cache: HIT
x-cache-hits: 2355
x-timer: S1662628784.815237,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
widget.intercom.io/widget/tt7hkkgs
54.230.111.95302 Found 0 B URL HTTP/2 widget.intercom.io/widget/tt7hkkgs
IP 54.230.111.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 31 May 2022 12:39:23 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ULYDup9TM5M68wqlywDBC_xAOhiF2D4y2LsTWKM9HPbB1EMoKZaEDA==
age: 8628021
X-Firefox-Spdy: h2
js.intercomcdn.com/shim.latest.js
143.204.55.80200 OK 6.2 kB URL HTTP/2 js.intercomcdn.com/shim.latest.js
IP 143.204.55.80:0
File type Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Hash 01abdbddd5c6b0d018606b1af5b2917e
277b7c5121106601caf7b93671dd18c4bfc0a415
598cad6489e45c479e8ab477364ebec7553d46c27e525d63d75b53c2d739bbc3
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6171
date: Thu, 08 Sep 2022 09:17:08 GMT
last-modified: Thu, 08 Sep 2022 08:46:37 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=300, s-maxage=300, public
content-encoding: gzip
x-amz-version-id: lWhWA3y2s558mtyBj4qnBZyeb_SOfi7x
accept-ranges: bytes
server: AmazonS3
etag: "01abdbddd5c6b0d018606b1af5b2917e"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Xa3psDJFhq8TP63ILwUTjlj2MlfsRGOuZv_0O64mpjRt-Py-wPY7IA==
age: 156
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.4a3696c8.js
143.204.55.80200 OK 126 kB URL HTTP/2 js.intercomcdn.com/frame.4a3696c8.js
IP 143.204.55.80:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 126 kB (126245 bytes)
Hash b230bef459d3b3f97fee4756d32d3fe5
cc53aae838a8a4ff8ec302580c51efbe8f9c108b
a238a6c8302afaf54c348fb5a6960260f9f87f9b14ab36e16b317c478bb4280a
GET /frame.4a3696c8.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 126245
date: Thu, 08 Sep 2022 08:46:44 GMT
last-modified: Thu, 08 Sep 2022 08:45:15 GMT
etag: "b230bef459d3b3f97fee4756d32d3fe5"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: OlTgBBnV6dkjSFnFX8P7rAzs4eMKCtqU
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MiLQaecj3ORk2a8wmzJyl9zQjFwYuhrie3mhxtyFQVwSfrnIvHX56Q==
age: 1980
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
forms.app/assets/img/formsapp-logo.png
172.67.72.65200 OK 2.9 kB URL HTTP/2 forms.app/assets/img/formsapp-logo.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 59766a971f90101d029ff73f0478a40e
131f63ef0a1d7cb350bddbae1a024fd3f6ec5489
6da09df32ca888e63b7c58d507cb1d717850be72fd4ba9b10dd26a7c478fc10a
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.1.1662628775.0.0.0; _ga=GA1.2.166827851.1662628775; __asc=172443581831c65c4e7d5d8fe7e; __auc=172443581831c65c4e7d5d8fe7e; _gid=GA1.2.1572202111.1662628776; _uetsid=5b23aa802f5711ed84d5e193b575598c; _uetvid=5b23a9d02f5711eda7a4851fc7f157ec; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662628775872.1933880118
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:43 GMT
content-type: image/webp
content-length: 2852
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=3548
content-disposition: inline; filename="formsapp-logo.webp"
vary: Accept
etag: "63186f78-ddc"
last-modified: Wed, 07 Sep 2022 10:16:24 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 261
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=09aaQRVk%2F8pK3mgksCr31WSEIqj8avRdIZASJ1DD0lDFRbVdHBcYgaFDnpeSNT%2FNCREz94nZhNOk5ugGso2%2BkA4CMf9p0LGYmj3SnTp69kWoMSyQOfBBZIS9xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aabeaa3fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/huawei-app.png
172.67.72.65200 OK 4.5 kB URL HTTP/2 forms.app/assets/img/huawei-app.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a2c762d799c9a180f091e0c8f5727770
a4c29b95d6b9a9174440766fec8cdb01a6f0b802
f3415fcfe8fa12d0d5dc1a9b18e1a3c24f329131a9e8338062480d48c28c380b
GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.1.1662628775.0.0.0; _ga=GA1.2.166827851.1662628775; __asc=172443581831c65c4e7d5d8fe7e; __auc=172443581831c65c4e7d5d8fe7e; _gid=GA1.2.1572202111.1662628776; _uetsid=5b23aa802f5711ed84d5e193b575598c; _uetvid=5b23a9d02f5711eda7a4851fc7f157ec; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662628775872.1933880118
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:44 GMT
content-type: image/webp
content-length: 4478
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=7360
content-disposition: inline; filename="huawei-app.webp"
vary: Accept
etag: "63186ee4-1cc0"
last-modified: Wed, 07 Sep 2022 10:13:56 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 262
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0onUUNe4ZKX7ZOKW1Gavs4wCnnkPVFGVk7h7UKpHoxulpMsdu0uV6W35lG7%2BDDtqTpxUjQSZjho2rq4moRor1%2BkT19d7hTKRGJYiN2gvQ%2BwRInC3DxktmOqTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aad9c3dfac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/google-play-logo.png
172.67.72.65200 OK 3.1 kB URL HTTP/2 forms.app/assets/img/google-play-logo.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 04301b51315a99ddeea1d0e0083e5c3b
6da0163104368fe7e7d641ad3cf7dccaee95238b
9ce92cdbaf72e55de013e4adff22594a5303cf53490ba5ff85202e01590fbc23
GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.1.1662628775.0.0.0; _ga=GA1.2.166827851.1662628775; __asc=172443581831c65c4e7d5d8fe7e; __auc=172443581831c65c4e7d5d8fe7e; _gid=GA1.2.1572202111.1662628776; _uetsid=5b23aa802f5711ed84d5e193b575598c; _uetvid=5b23a9d02f5711eda7a4851fc7f157ec; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662628775872.1933880118
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:44 GMT
content-type: image/webp
content-length: 3094
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=7621
content-disposition: inline; filename="google-play-logo.webp"
vary: Accept
etag: "63186fa7-1dc5"
last-modified: Wed, 07 Sep 2022 10:17:11 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 262
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DqKI6iGAhPzeN1pjLRtpsCuljZb0SJtD0DK0CIPLijdicgXF2CVnqlORhIP3A5pW0MRegYDavGyGATTzGmuHFXxkd7QtbZnhTlE5uUd%2FcCL1mzG2y2avtsqL1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aad9c3bfac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/app-store-logo.png
172.67.72.65200 OK 3.1 kB URL HTTP/2 forms.app/assets/img/app-store-logo.png
IP 172.67.72.65:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 4c47baae2795fc06ff0021a915def9e6
faab97f915ffa9ee2da2522a67e6bf7630f079d0
57742b4fc8c501c01d1108b9ece22872f4f3c4e74f02a373e1397d9a1e20fa03
GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.1.1662628775.0.0.0; _ga=GA1.2.166827851.1662628775; __asc=172443581831c65c4e7d5d8fe7e; __auc=172443581831c65c4e7d5d8fe7e; _gid=GA1.2.1572202111.1662628776; _uetsid=5b23aa802f5711ed84d5e193b575598c; _uetvid=5b23a9d02f5711eda7a4851fc7f157ec; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662628775872.1933880118
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:44 GMT
content-type: image/webp
content-length: 3148
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=7634
content-disposition: inline; filename="app-store-logo.webp"
vary: Accept
etag: "63186ee4-1dd2"
last-modified: Wed, 07 Sep 2022 10:13:56 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 262
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyek48LY7y0pRc4ZKxjwVLdYLfGZ620N0wZUGvzXxDdtqeeMAsNag0kCQTjqxSTlpiZGfoPg2SMZXOO%2FoH5VreAAfGwJHwN0sAmFxHaXD0fwY%2BpFxg0sY3uGjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aae7d51fac4-OSL
X-Firefox-Spdy: h2
bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1651&ck=1&ref=https://forms.app/phishing&be=178&fe=1573&dc=361&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662628774714,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:47,%22rp%22:147,%22rpe%22:147,%22dl%22:150,%22di%22:355,%22ds%22:360,%22de%22:361,%22dc%22:1572,%22l%22:1572,%22le%22:1579%7D,%22navigation%22:%7B%7D%7D&fcp=306&jsonp=NREUM.setToken
185.221.85.4200 OK 77 B URL HTTP/1.1 bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1651&ck=1&ref=https://forms.app/phishing&be=178&fe=1573&dc=361&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662628774714,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:47,%22rp%22:147,%22rpe%22:147,%22dl%22:150,%22di%22:355,%22ds%22:360,%22de%22:361,%22dc%22:1572,%22l%22:1572,%22le%22:1579%7D,%22navigation%22:%7B%7D%7D&fcp=306&jsonp=NREUM.setToken
IP 185.221.85.4:0
ASN #206998 New Relic International Limited
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1651&ck=1&ref=https://forms.app/phishing&be=178&fe=1573&dc=361&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662628774714,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:47,%22rp%22:147,%22rpe%22:147,%22dl%22:150,%22di%22:355,%22ds%22:360,%22de%22:361,%22dc%22:1572,%22l%22:1572,%22le%22:1579%7D,%22navigation%22:%7B%7D%7D&fcp=306&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 09:19:45 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74769ab23e5a98ea-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=234631dbf21e68e9; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYs%2BpxxzYX2Do8sBFUPtUq51WnZ9jBimu1cf7GMbjp%2BLsiHd73YR53oxkylJS8PDodjhGsgLV8UmR7hBdgYV88sNnpKGpJ6dB%2FWBbGKRbHYyQUoA1kL%2FIsSBtfjodFQiK8lW888g"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
api-iam.intercom.io/messenger/web/ping
75.2.88.188200 OK 1.6 kB URL HTTP/2 api-iam.intercom.io/messenger/web/ping
IP 75.2.88.188:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3699), with no line terminators
Hash d2135d69dcaa442630ca5310b1840e37
2dbc8ba87601b0bb6448ccb97068ca0f5025e802
fbf640900a007555bebb02858b34fed3275e7ba8a9aef496c4f5d9215b66e732
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:44 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1662628790
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13331
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: 426122fea55ca733678a810dd232041930b7a106
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 000apf6ho2rchh63m8qg
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"589167493e3d02bc8156ffad8ce4aa7f"
x-runtime: 0.237550
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0359a879b27fffa05
X-Firefox-Spdy: h2
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2905&ck=1&ref=https://forms.app/phishing
185.221.85.4200 OK 24 B URL HTTP/1.1 bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2905&ck=1&ref=https://forms.app/phishing
IP 185.221.85.4:0
ASN #206998 New Relic International Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2905&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 344
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 09:19:45 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74769ab2ff4398ea-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52hBlS1BL1FrcYJooA1qT19bOq1oOPavO%2BD%2BK2XTTIA2B7FLIfSFfRfft4Zr4xoqLtHs8Z25RGw9dftLPZf240eiQubiVK2%2F7DkF%2B%2FoMZ86nBkdxx%2BWZy24c6r5Q54tzYI1fqNgp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
104.18.47.230200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 104.18.47.230:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 74769a9c2fe6b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
my.forms.app/static/img/logo-home.svg
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/img/logo-home.svg
IP 172.67.72.65:0
GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WzKGDEf4%2BqguK1wxjok64TAuPQmA%2B1mXtK%2Fme3h%2F4%2B8v6bHGre9HGxfQXVZGMdvaNPolCc%2FD4hVLpQMt0YBqoEvViD1eC6ZXzT0qnloeR1kIY2wJtntFhZ0H5GNNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa11ffcfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/js/login.fb59ba75.js
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/assets/js/login.fb59ba75.js
IP 172.67.72.65:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 10:13:56 GMT
vary: Accept-Encoding
etag: W/"63186ee4-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZv36lVh%2B5%2F5Z%2FnzxPDdQtziDo6NQaYuj7Mq%2BnZeCfcfxU7vZElN59Vrf7DtzRyAtK3eDntRYeVvdA97zFdf6%2FYmpuJlIE7XB7qe%2FruGbhXV3m42q2S56gRkWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa259eefac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
172.67.72.65200 OK 0 B IP 172.67.72.65:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.1.1662628782.0.0.0; _ga=GA1.2.166827851.1662628775; __asc=172443581831c65c4e7d5d8fe7e; __auc=172443581831c65c4e7d5d8fe7e; _gid=GA1.2.1572202111.1662628776; _uetsid=5b23aa802f5711ed84d5e193b575598c; _uetvid=5b23a9d02f5711eda7a4851fc7f157ec; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662628775872.1933880118; intercom-id-tt7hkkgs=3b6bc878-79d8-4b87-9ec0-0f33a2aec601; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:50 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74769ad1b8d0fac4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
forms.app/assets/img/blog-logo.svg
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-logo.svg
IP 172.67.72.65:0
GET /assets/img/blog-logo.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Sep 2022 10:16:24 GMT
vary: Accept-Encoding
etag: W/"63186f78-ee0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G3tMIHiCw8B%2Fnf1mCfcdM7UWETfM%2BipqsIB1b%2FqL%2FRTx1Dv2SbDmxQ24z3n2XhXuIybXv2V%2Fy4%2FLw6gzahbOPEOqpWMneH0ONTrdn5d%2Bt%2FSaf2J52ykHRovZvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219b4fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/img/help-resources.svg
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/assets/img/help-resources.svg
IP 172.67.72.65:0
GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Sep 2022 10:16:24 GMT
vary: Accept-Encoding
etag: W/"63186f78-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruCCi6k3cohlEa3svHNxWi8GzYP%2FUPRg6iOE%2FYBBNVSMJ906equ5r8kqq%2FF9ZXCrKP2ShIMNZ2eSXacg%2FnxGEyCQqIEodmZwhIz5YFGczwxmfEb3owOA%2Fn1ClA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa229d0fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/assets/js/lazysizes.min.12809749.js
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/assets/js/lazysizes.min.12809749.js
IP 172.67.72.65:0
GET /assets/js/lazysizes.min.12809749.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 10:13:56 GMT
vary: Accept-Encoding
etag: W/"63186ee4-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QEWgWdiIUCdgQ95fml9GGhYSVn%2FmfxhVnY1%2B665exqWBktxKfPC2waLmUFgKRY6BIutNODafv2%2Bnyh9LPRi%2BHf8GzY8ET%2FS5GkTQrEuhZ1IDZNyTUyDGGi20zA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa269f9fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/vendor.88295.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/vendor.88295.css
IP 172.67.72.65:0
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=crJuTlGnmq%2BTl0fkpg7eiI6%2F3OFfzNdGV2HLgX4wCgAXkmG1KUi5V%2BFtGOdcuxSu4VaJH5PC1neNmarTghPD54j6fYa2UO81lLB33N6CBx4vZYbYhsyrm35roxS6XA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c0c04fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/hubspot-crm.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/hubspot-crm.png
IP 172.67.72.65:0
GET /sitefile/hubspot-crm.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=9843
content-disposition: inline; filename="hubspot-crm.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RXp3ylb0Yst6EU3Avqtqh1tNS0nT9Jz83bNoi%2FNN%2FOCRBXm%2FWDdAqLqVbdvyuY00Q7ZQVubsckzrXrUrzECTHuizGFC2ZNfNs%2FxsvxegSSnyyzx3jnTik5ONvBIpowhq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219b7fac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Google%20Analytics.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Google%20Analytics.png
IP 172.67.72.65:0
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2090
content-disposition: inline; filename="Google%20Analytics.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SKMBk63pAT8yJal6cKbnc%2BcipdKd7LH4MeZzBnWiqTazMlsw5r0I4QSbUZQd2rRPeHpg7%2BzyUssvnXuaWmkkUIF%2BHchvJYBkZnRpMRFGfezP6vK7k7vWngGPcVzYixEp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219bafac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/Notion.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/Notion.png
IP 172.67.72.65:0
GET /sitefile/Notion.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2900
content-disposition: inline; filename="Notion.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IuY%2BYVc%2Bow0jcwN88yRRXpspE3sczebkpG1wNv0W2bZ%2FCyrDDBVhJWNv8F%2BY9FlEI3OZAri%2BdmVbJgwowBqaeHm37JwSqObKPYM%2Fl109GQY%2FeEPoh2E%2BB836bxwujV6p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa229c6fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/blog-resources.svg
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/assets/img/blog-resources.svg
IP 172.67.72.65:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Sep 2022 10:16:24 GMT
vary: Accept-Encoding
etag: W/"63186f78-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQVlZ3KzAskh5U9HmXLRBmgYyL5GyQnh3DhDd5yTnyrc2tL3pqPPYrdK%2BuCGhTcu9W7k%2BT5Q0JnGn3DECZa%2BkWdp2HClgOuOowrsaSJkRTXKVNpv8vHGBjjyWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa229cffac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/iicon.8278c.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/iicon.8278c.css
IP 172.67.72.65:0
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jvTsHTPoVlGG7tmqDudevSkALAyNeaFjECoeErdwvPnyaIJHlffU%2FXbwny4jCj0PmUZGiMQJLN2%2B2pWYOXTbvWXKjRfNmiDONvnMnjw6G233uoYwgUGGOhEJCl1K%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c0c09fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/app.d858d.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/app.d858d.css
IP 172.67.72.65:0
GET /static/css/app.d858d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-107d0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ml89ItwUf%2Be0nph7X72U2f6EP6MDMH8Z8n3Rdqsf7iZ6fl7eEPBFWgBkEnTTx%2BYr74BrYSTy3%2FYzEioca8gZlDeaC1NlyL9PENcZlnmInwBLLRE6YY4E6Oq1F9jqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c0c05fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/runtime~app.1ad07.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/runtime~app.1ad07.js
IP 172.67.72.65:0
GET /static/js/runtime~app.1ad07.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:40 GMT
vary: Accept-Encoding
etag: W/"6315f4d8-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGaHdxR0jeZH0DJQus5JVmIy5MdsuILrwidUW2myMX4ZrN%2BhdzFH2KCxdHmBOoawY60lXibZzx9%2F8afeeXHWYRjSwJxBvE13mCa0geJEFiE0nmfuihs50lfIvG7TkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c1c1cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/FormView.2e202.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/FormView.2e202.css
IP 172.67.72.65:0
GET /static/css/FormView.2e202.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-1f1e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yZyk1UJm%2FTOfdtL5BQS8fuCQTLeg79AJuKmtJE%2FctXOu2sbXT1llb0wS1KzYbeaYCkEknJI3V1tflpo0krZ3WZFBbNAfyuTEJnXExstLF0wz95TtzoFSCKonB85LMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e4d97fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/cdn-cgi/rum?
172.67.72.65200 OK 0 B IP 172.67.72.65:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiZTdiZTk2MTQxN2Y1NWI1MSIsInRyIjoiNGE4ZWI2ZmY3NDlmNTc4MzZlODU1NTU0MGYwMjQ0ZGYiLCJ0aSI6MTY2MjYyODc3NjMwM319
traceparent: 00-4a8eb6ff749f57836e8555540f0244df-e7be961417f55b51-01
tracestate: 2885732@nr=0-1-2885732-286479549-e7be961417f55b51----1662628776303
content-type: application/json
Content-Length: 16752
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.1.1662628775.0.0.0; _ga=GA1.2.166827851.1662628775; __asc=172443581831c65c4e7d5d8fe7e; __auc=172443581831c65c4e7d5d8fe7e; _gid=GA1.2.1572202111.1662628776; _uetsid=5b23aa802f5711ed84d5e193b575598c; _uetvid=5b23a9d02f5711eda7a4851fc7f157ec; _dc_gtm_UA-123158574-1=1; _fbp=fb.1.1662628775872.1933880118
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:43 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74769aaab9dafac4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
js.intercomcdn.com/vendor.21177279.js
143.204.55.80200 OK 0 B URL HTTP/2 js.intercomcdn.com/vendor.21177279.js
IP 143.204.55.80:0
GET /vendor.21177279.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103195
date: Thu, 08 Sep 2022 08:46:44 GMT
last-modified: Thu, 08 Sep 2022 08:45:15 GMT
etag: "75709a7ba3f94daa201cd638e62c3f6a"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: RgdSDySiVnH2zBxQjHy8gu_4Hi5dPeiJ
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EbL8uv5J8s9uPpxseaTwJYWA6cB4Nyhm7zTqz_DcuK_DwUCdRt6hpw==
age: 1980
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
file.forms.app/sitefile/excel%20copy.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/excel%20copy.png
IP 172.67.72.65:0
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6706
content-disposition: inline; filename="excel%20copy.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMQtOXU2UR7SKETYcXc537JuVSP2FZxmwdrY3RknO9Wi4AorZrw3QUV7lzlcvTioSgohUxhzmaICjK6f1bUjoIqMW21gJHdB4bOltSwTF2t5%2Fu8OEcGBYYGUfBkxqT6o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219c2fac4-OSL
X-Firefox-Spdy: h2
my.forms.app/static/css/dcomponents.2f40b.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/dcomponents.2f40b.css
IP 172.67.72.65:0
GET /static/css/dcomponents.2f40b.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-194c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCE8tmNEaR3ArD7S7F2mDQGEOMvShOI81qN6mbQHc3Ts3IGZ%2FzG01CyN%2FP5kzL0YQdPpNNqP%2BzJZSbStqYPT2z7t22MqAhBKWDjHP4zeWIEeuUri4uav9bFdT9pzVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c0c08fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/app.aae1e.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/app.aae1e.js
IP 172.67.72.65:0
GET /static/js/app.aae1e.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:07 GMT
vary: Accept-Encoding
etag: W/"6315f4b7-3ee9f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajQ6ZsohIaRLOJWdlhQcuELgktWwvJAR32emE9WYPxBGBn%2BiLlgMMh1SkobvmnTi763e4l1KW9Rmeu4zVUeGZwnYHedb1U9B%2FxxT9jisFmj79tLmHazytnSF%2FleAtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c0c0ffac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/form/jenetwood/untitled-form-1
104.26.7.145403 Forbidden 0 B URL HTTP/2 api.forms.app/form/jenetwood/untitled-form-1
IP 104.26.7.145:0
GET /form/jenetwood/untitled-form-1 HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Authorization: none
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 403 Forbidden
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HuLuS1isoyHMpF3WBrqJ5eCVnoDuNsZEj7MYg%2F%2FH722VN8%2FHw3KFOkFtkN5Hw8AAgmyIr5p72ewAnjbPID2aLFdnAUMBFLNXWg7vfBUPQQoEJAAWP%2BmgJePJpgZTgw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa029f6b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/isvg.cd861.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/isvg.cd861.js
IP 172.67.72.65:0
GET /static/js/isvg.cd861.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:10 GMT
vary: Accept-Encoding
etag: W/"6315f4ba-7eeb"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rGvJzLtnRtCn3C3KrVbYw39Z4gzD9747E0fVO%2BuwJa4Tsr7MLHwkLpCqjLO3xnQmyJKlNGQXRXl%2F5FwTO80I43rZJvx4i%2BvudUjQFp%2BOc36cZQdrxWZVEqbHW0Cmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e4d9efac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/mainheader.53158.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/mainheader.53158.js
IP 172.67.72.65:0
GET /static/js/mainheader.53158.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-1b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=513UDUkY%2FRUSP%2BUj4ljch3LldEbZ0stN3yv12UUkk14oIDMA%2F7S8hFokYAqtNTmrw5nPFFkIJ5HFx3A3XutDiovRfhDH1YrUo%2BO3auXyT7mBS3ulOmSX6BjtUbI7%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e5db1fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/sheets.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/sheets.png
IP 172.67.72.65:0
GET /sitefile/sheets.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6381
content-disposition: inline; filename="sheets.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PkwXsiBuj6Rdtz2n%2F4dH%2BAKIybqNv%2F%2BhieAdxCUaF9OXFl9IybYYiTVe2namQADz0docASdc6cxNTOGkZjHlW5bMg8twegxFxyakMpm0lcwxVpU4cp%2BsdJVF0RewacYz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219b8fac4-OSL
X-Firefox-Spdy: h2
file.forms.app/sitefile/trello.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/trello.png
IP 172.67.72.65:0
GET /sitefile/trello.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5239
content-disposition: inline; filename="trello.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QuN6YMGdgkwu8ElZUu0h6YI5MyfSbu%2FbolTRP2Uw3%2Bg%2BPcKeX%2BWJknqFiIeqxlq4%2BouA9%2FiZm1alFDiJgpH7qgrbBePzuNbXhmSiyIlOsuHNDznDvZKxCFCLwzjOoD3b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219b9fac4-OSL
X-Firefox-Spdy: h2
my.forms.app/static/js/dcomponents.15d95.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/dcomponents.15d95.js
IP 172.67.72.65:0
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:45 GMT
vary: Accept-Encoding
etag: W/"6315f4dd-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CvcF9Or9p2zQgjtp%2B24NDICthDNDrwaZxv3VYHvTbkAyvNrSJMqa6MIox%2FY4rHajzAhVThbJ5SR1d0lpNqMspoksQQtA%2B%2FwGSUP684XfwuqhD%2BCeQNGDYjGUVlGR6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c1c17fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/iicon.bcebb.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/iicon.bcebb.js
IP 172.67.72.65:0
GET /static/js/iicon.bcebb.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:44 GMT
vary: Accept-Encoding
etag: W/"6315f4dc-2fe9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzZ9kdXcCuntI%2F1KAtLR%2Fd327MxHNn0%2FScQfhIgN4w5WayIHbPwDI8kF4HbFsPxq%2FX4XwnQkP3HmhVYA0j%2BYiNfOUJ2UR6ZNi%2FCowMfFDPH3UpfQlrup8mLKtyJ3sA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c1c19fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
IP 172.67.72.65:0
GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:06 GMT
vary: Accept-Encoding
etag: W/"6315f4b6-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=67BVky%2FjRVFNmWPqxpAFMlvyrLrdSnRwVvn3KdKuW4Xy2n7i4aagtnUextH7%2FiRA1etUAnJSh0X83aWZORgETAWHwk399vKa7i33aI6SfJW0HV12km9%2F0dvq1iXi%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9d9d17fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/swal.2ebcf.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/swal.2ebcf.css
IP 172.67.72.65:0
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oeh9DNlAOvL5nawkgsOUkcJfsMROaf5Rg%2FQY%2FdLs30q5m70wFP%2BYyLXxiAUmMQ2jikwEbrOXAVW%2FkdXXchdcHtQIpu10yaaEVvVnqiKBSKey1E6MeYl6blLlAnEiEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9d9d1cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vuegtm.3359a.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/vuegtm.3359a.js
IP 172.67.72.65:0
GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:44 GMT
vary: Accept-Encoding
etag: W/"6315f4dc-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMjefsDaoub3H4jvrWcC97Z7nGfCi8rQHrQdNeB93dD9rJLx41pEjOrPbiRsLZTvQhRugeJIlyGnIc2n0livktCGYMof8u1QUWakS4J2RaToDnZN3TsbdjpvGwtJuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9d9d1ffac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.forms.app/user/gettimezonefromutc
104.26.7.145200 OK 0 B URL HTTP/2 api.forms.app/user/gettimezonefromutc
IP 104.26.7.145:0
POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FRDPpASdFta7XbBRRvpNFFSbtlhmOhPPGJSG9G7nQ1KdJ%2BW9E0IUQQ%2FttdbXHaeHsefowCUIP0JpeL5Uy9MdpsUZJzBW9AGsA47MHbCxkg7lX0QtrG2s%2F4eOY6RQnI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9fa94eb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
file.forms.app/sitefile/wordpress.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/wordpress.png
IP 172.67.72.65:0
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=14590
content-disposition: inline; filename="wordpress.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VhcUEYdfL2%2FW3%2BNS%2FIHjr4TNYVrlAKxuOk8dPu9FYQC02LtdPjf6WOkAkDLIDp6zLdP64FqsdxL26h0GBQkGtShU6noN5MsScOv26L8zhyp%2Fi4Yp6kE9FUtZb6zyYIS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219c4fac4-OSL
X-Firefox-Spdy: h2
forms.app/assets/img/templates-resources.svg
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/assets/img/templates-resources.svg
IP 172.67.72.65:0
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Wed, 07 Sep 2022 10:14:47 GMT
vary: Accept-Encoding
etag: W/"63186f17-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZULo%2FaWOkUzWLxcGqRsBse1RHpwzHklZMUHhDZhTMjvt1az5lTEoXwN%2BTN4OSqYnf5mppsjiCsJlrlBt4KY7QO99Msi6KV9BKgbwZOqkChpiHJO4ST0KhnhCww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa229d1fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/google.svg
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/google.svg
IP 172.67.72.65:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CCKUFODbMcwePEWMBcb2t%2FbyFfnXxwTkuALprSILhRZgJNoUeZ3t%2B2%2F96BpgmIqyAHjy57IRNVbwAMd3NUCV2CUWG76K9BN0PgaZghvXCGTsUZ3bQIG4XNanNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa239d6fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/icons.2b7bf.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/icons.2b7bf.js
IP 172.67.72.65:0
GET /static/js/icons.2b7bf.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:02 GMT
vary: Accept-Encoding
etag: W/"6315f4b2-360f1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=naZxGfPCB10Oc6WvQs2QupPTq8HJNi6VQX0TT0oqRoSeDRlvEWclV1aItGbeYo6LD3z3ohSDx6d%2BsUSQ3NTcO4nnGfVSg5oI2FYXBurwf5iOdESi4Hdk21l3r69dgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa13821fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/swal.4f135.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/swal.4f135.js
IP 172.67.72.65:0
GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xpjFmOXn4Kv%2BOEeZlcDtDOM%2BiGmMbtbHTtSjpQmg7PDSd3TsJGwIQ3Tj4GX4h4%2Fpp7dSVXt4vTmLbTsd1jiUBzhoamqeEIWyG%2BvDxUv79aryKlkdHe9NO2tEmF9iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9d9d1efac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
forms.app/static/img/use/svg/facebook.svg
172.67.72.65200 OK 0 B URL HTTP/2 forms.app/static/img/use/svg/facebook.svg
IP 172.67.72.65:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCqXJv%2Fsuyr0H%2FEL%2FOuQPKL%2FJPrYw6kbhdeahMj9auCz1ndygpLRHgEbQ2HZoW3x5TEAWqRKsZonN4Sdq86%2F7mAW2RxMB%2BRvN3eJ%2Bd1O60I0YqHVvBKwi0EUQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa239ddfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/jenetwood/untitled-form-1
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/jenetwood/untitled-form-1
IP 172.67.72.65:0
Analyzer Verdict Alert fortinet Phishing
GET /jenetwood/untitled-form-1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8l7yfwFxX1B5diBAV%2FqKfyvupFvLJ5Zm2cJj3dOwamKBvictFIH%2FVcKQ5U%2BV9cYUDiVwyzLpT2I%2F2uWrKhe9wxDIsk2oGHQGCi%2Fg3I6TyS%2Bw3lsBVefvx%2FB6lNBuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9a1ac5fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vuelazyload.45220.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/vuelazyload.45220.js
IP 172.67.72.65:0
GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:22 GMT
vary: Accept-Encoding
etag: W/"6315f4c6-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hS33CHvQcZ1MyR%2BdTiPTa2HWSxDQJeQTrGUZAhkhDzfeVz1KPrSEzfyLGLb1UGDZhU%2ByspWE%2BmNSccMDicKRMKLDr059ZWHAG0d2mPlD2J7pYD4AS3FJY9DBEYmhfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9d9d18fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/vendor.523c4.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/vendor.523c4.js
IP 172.67.72.65:0
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:05 GMT
vary: Accept-Encoding
etag: W/"6315f4b5-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqGu1Cz5NkwL0sR8qE%2BWJhvyQ9rMGJ8RcKa5t9PB9W55pRqsvwFS8NSYZUg1S8RHuXFl3DJyKhUvWM5M1xKE5Rg3TOowcj29WVKP869bH%2Fxux2H%2FpFm7kMgR48%2BNcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9c1c1bfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/js/FormView.7077f.js
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/js/FormView.7077f.js
IP 172.67.72.65:0
GET /static/js/FormView.7077f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:43 GMT
vary: Accept-Encoding
etag: W/"6315f4db-a2e4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtgeGguwOo9vak80xWoAjhNYu3BmvhSmzXjgw2Gvt4YwVQg0sI%2FKlONiSzFGaANyyA%2Bb%2FWINlSUbex059ZQgPUzVv4jr7jZxLHmRHIsGnAhKaLIyjPv3zXUQSnOcDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e4d99fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/static/css/mainheader.c3247.css
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/static/css/mainheader.c3247.css
IP 172.67.72.65:0
GET /static/css/mainheader.c3247.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:41 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-1405"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 6877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HtLFWoDrYlVJvOdvae7SkLHZII32oZ%2FYIHUFTAYPHKeTiY945oPI5JyOCMalwFeZZdWPBmTDBjoFEZygNIta9X3t%2BZt%2F0WbcsIw1oy5RVdut22ntkU7euK4GgYlbQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769a9e5da8fac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.forms.app/cdn-cgi/rum?
172.67.72.65200 OK 0 B URL HTTP/2 my.forms.app/cdn-cgi/rum?
IP 172.67.72.65:0
POST /cdn-cgi/rum? HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 376
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/jenetwood/untitled-form-1
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: text/plain
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74769aa1c974fac4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
file.forms.app/sitefile/slack.png
172.67.72.65200 OK 0 B URL HTTP/2 file.forms.app/sitefile/slack.png
IP 172.67.72.65:0
GET /sitefile/slack.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: language=en; _gcl_au=1.1.426785227.1662628774; _ga_740JKHV4FZ=GS1.1.1662628774.1.0.1662628774.0.0.0; _ga=GA1.1.166827851.1662628775
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 09:19:42 GMT
content-type: image/webp
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=6402
content-disposition: inline; filename="slack.webp"
vary: Accept
cf-cache-status: HIT
age: 6906
last-modified: Thu, 08 Sep 2022 07:24:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7fYNnLaE7gnKIZ6tGTSu2X4vmnHtpoBHAgnoAEf4eFdvZ7R8Hglllto8k2SmYPmcqtcMFsbY3ZX8EEzKLhbegs35m3fbG3RAWUUU9mxYi%2FtzPOnDCSDrcXrP7RqJJUv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 74769aa219b6fac4-OSL
X-Firefox-Spdy: h2