| gozenforms.com/assets/index-e20e21de.css | 76.76.21.241 | 200 OK | 7.7 kB |
URL: GET HTTP/2 gozenforms.com/assets/index-e20e21de.css
IP: 76.76.21.241:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Let's Encrypt
Certificate Subject: gozenforms.com
Certificate Fingerprint: D1:C3:23:A6:B1:00:7A:B8:87:55:5F:4F:DE:22:19:6B:E3:EC:01:3D
Certificate Validity: Tue, 12 Mar 2024 15:05:00 GMT - Mon, 10 Jun 2024 15:04:59 GMT
File type: ASCII text, with very long lines (35313)
Hash: 2a9d36e20f8ac80865c3940c71303848 73fbe6411ec58db7609c89f04ffdc2585577fd2b e20e21de56db91d5216c5cfef1b803b21b34c04087861fdb142a988c15d710de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/index-e20e21de.css HTTP/1.1
Host: gozenforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
age: 2623598
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="index-e20e21de.css"
content-encoding: br
content-type: text/css; charset=utf-8
date: Sat, 04 May 2024 21:13:33 GMT
etag: W/"2a9d36e20f8ac80865c3940c71303848"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: arn1::7drs9-1714857213359-40f3af874898
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap | 142.250.74.170 | 200 OK | 1.4 kB |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
IP: 142.250.74.170:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Google Trust Services LLC
Certificate Subject: upload.video.google.com
Certificate Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
Certificate Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression
Hash: 8d43a6b6038e5681ff6460370f2b27d6 ec76eea2ed47abcfdc19cf715d060cda737c2d7d 1e835cd4f96ff7695be96a87d95943bad156484edd441811b48629c5193e5129
GET /css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 21:13:33 GMT
date: Sat, 04 May 2024 21:13:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 143.204.53.97:0
Hash: 9211ca064a1c066bf4c17e24fa1b6143 422ad79387de28b1f78944f368de4ba67e1c94c1 dbfd2d290fe381aec3375c75cd52d3b0ac0b07592e385b334f6cc5139d72e1c8
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 21:13:34 GMT
Server: ECAcc (amb/6AB2)
X-Cache: Miss from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lvStvrPNxFbtoCpXXQahlzlB4ivQEMNivTkETXhyBOWlxDRkkO-uAA==
|
|
| api.forms.gozen.io/api/v1/form/render?formId=NqrKaIBt4yGroIEJwKcf | 52.207.33.100 | 200 OK | 5.5 kB |
URL: GET HTTP/2 api.forms.gozen.io/api/v1/form/render?formId=NqrKaIBt4yGroIEJwKcf
IP: 52.207.33.100:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Amazon
Certificate Subject: *.forms.gozen.io
Certificate Fingerprint: 5B:B1:6E:E1:66:22:20:6C:D6:A5:3A:78:FE:DB:B6:D8:84:3A:70:87
Certificate Validity: Sun, 17 Mar 2024 00:00:00 GMT - Tue, 15 Apr 2025 23:59:59 GMT
Hash: 5d3bd099481aecfd628486a91b8a3c48 8f620e946e37889bb77c8688ca407b17ac997af7 90063e5902bb4b19dec61f360adc1cc0669ad1b84dbeb75c13af87c3e3fb9108
GET /api/v1/form/render?formId=NqrKaIBt4yGroIEJwKcf HTTP/1.1
Host: api.forms.gozen.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gozenforms.com
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:13:34 GMT
content-type: application/json
content-length: 5494
server: nginx/1.24.0
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| www.cloudflare.com/cdn-cgi/trace | 104.16.123.96 | 200 OK | 5.5 kB |
URL: GET HTTP/2 www.cloudflare.com/cdn-cgi/trace
IP: 104.16.123.96:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Let's Encrypt
Certificate Subject: www.cloudflare.com
Certificate Fingerprint: D5:88:2B:C6:94:C0:B0:2C:86:40:43:DE:7F:4C:F7:1D:B1:67:0D:04
Certificate Validity: Thu, 25 Apr 2024 21:43:30 GMT - Wed, 24 Jul 2024 21:43:29 GMT
File type: gzip compressed data, from Unix
Hash: b90b5bf30dcad23f14971e8bfbe6b2a3 640dee2843866ed89dfa1726e5c1723ebd379601 3e5aeab933c421cc74bc48e8ca9d4f4a54537e73c7d173e6c7182298ac6a0cb9
GET /cdn-cgi/trace HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gozenforms.com
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:13:33 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 87eb7ed289845691-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| api.forms.gozen.io/api/v1/analytics/views?formId=NqrKaIBt4yGroIEJwKcf | 52.207.33.100 | 200 OK | 0 B |
URL: PUT HTTP/2 api.forms.gozen.io/api/v1/analytics/views?formId=NqrKaIBt4yGroIEJwKcf
IP: 52.207.33.100:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Amazon
Certificate Subject: *.forms.gozen.io
Certificate Fingerprint: 5B:B1:6E:E1:66:22:20:6C:D6:A5:3A:78:FE:DB:B6:D8:84:3A:70:87
Certificate Validity: Sun, 17 Mar 2024 00:00:00 GMT - Tue, 15 Apr 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v1/analytics/views?formId=NqrKaIBt4yGroIEJwKcf HTTP/1.1
Host: api.forms.gozen.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Referer: https://gozenforms.com/
Origin: https://gozenforms.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 04 May 2024 21:13:35 GMT
server: nginx/1.24.0
access-control-allow-origin: *
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| form-assets.forms.gozen.io/asserts/d386bc9a28e240029c029e35093b4dcf/KNVnCIQdFymy3M.png | 143.204.55.68 | 200 OK | 745 kB |
URL: GET HTTP/2 form-assets.forms.gozen.io/asserts/d386bc9a28e240029c029e35093b4dcf/KNVnCIQdFymy3M.png
IP: 143.204.55.68:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Amazon
Certificate Subject: *.forms.gozen.io
Certificate Fingerprint: 5B:B1:6E:E1:66:22:20:6C:D6:A5:3A:78:FE:DB:B6:D8:84:3A:70:87
Certificate Validity: Sun, 17 Mar 2024 00:00:00 GMT - Tue, 15 Apr 2025 23:59:59 GMT
File type: PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced
Size: 745 kB (745186 bytes)
Hash: 00569d5fb0283b3bf1051b507432628a be8e60781cea35c64d6c0151a6d7bcb5dc4db4b0 c6ad0ee3d3a3f34b1b08545c7d420e104b8e8d04f6c198207c76e898a2a0bd7f
GET /asserts/d386bc9a28e240029c029e35093b4dcf/KNVnCIQdFymy3M.png HTTP/1.1
Host: form-assets.forms.gozen.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 745186
date: Sat, 04 May 2024 21:13:36 GMT
last-modified: Wed, 28 Feb 2024 14:20:26 GMT
etag: "00569d5fb0283b3bf1051b507432628a"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 04Ho4TWCZsUIox3h68YjOuSKnx1D7Og3Xs_WqoKI4j-mco-Ilvl8_A==
X-Firefox-Spdy: h2
|
|
| api.forms.gozen.io/api/v1/analytics/views?formId=NqrKaIBt4yGroIEJwKcf | 52.207.33.100 | 200 OK | 1 B |
URL: PUT HTTP/2 api.forms.gozen.io/api/v1/analytics/views?formId=NqrKaIBt4yGroIEJwKcf
IP: 52.207.33.100:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Amazon
Certificate Subject: *.forms.gozen.io
Certificate Fingerprint: 5B:B1:6E:E1:66:22:20:6C:D6:A5:3A:78:FE:DB:B6:D8:84:3A:70:87
Certificate Validity: Sun, 17 Mar 2024 00:00:00 GMT - Tue, 15 Apr 2025 23:59:59 GMT
File type: very short file (no magic)
Hash: a87ff679a2f3e71d9181a67b7542122c 1b6453892473a467d07372d45eb05abc2031647a 4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a
PUT /api/v1/analytics/views?formId=NqrKaIBt4yGroIEJwKcf HTTP/1.1
Host: api.forms.gozen.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 2
Origin: https://gozenforms.com
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:13:35 GMT
content-type: application/json
content-length: 1
server: nginx/1.24.0
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| gozenforms.com/NqrKaIBt4yGroIEJwKcf | 76.76.21.241 | 200 OK | 2.2 kB |
URL: User Request GET HTTP/2 gozenforms.com/NqrKaIBt4yGroIEJwKcf
IP: 76.76.21.241:443
Certificate Issuer: Let's Encrypt
Certificate Subject: gozenforms.com
Certificate Fingerprint: D1:C3:23:A6:B1:00:7A:B8:87:55:5F:4F:DE:22:19:6B:E3:EC:01:3D
Certificate Validity: Tue, 12 Mar 2024 15:05:00 GMT - Mon, 10 Jun 2024 15:04:59 GMT
File type: HTML document, ASCII text, with very long lines (2242), with no line terminators
Hash: 56da5d7ee69ba622a1637f10cc02a714 18ce2f2fa6832eeab007071c7ae49358ecd12699 03b3fbd3d7e88c0b554b7055bf4f727d63b95700c7eb5cc83919c49a10d0a2ed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /NqrKaIBt4yGroIEJwKcf HTTP/1.1
Host: gozenforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
age: 2599524
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 04 May 2024 21:13:33 GMT
etag: W/"68255c29c55324021aad9c1aba82a56b"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: arn1::qcq2n-1714857213065-df7a28e4ef6e
X-Firefox-Spdy: h2
|
|
| gozenforms.com/assets/index-c62be1ee.js | 76.76.21.241 | 200 OK | 1.2 MB |
URL: GET HTTP/2 gozenforms.com/assets/index-c62be1ee.js
IP: 76.76.21.241:443
Requested by: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Certificate Issuer: Let's Encrypt
Certificate Subject: gozenforms.com
Certificate Fingerprint: D1:C3:23:A6:B1:00:7A:B8:87:55:5F:4F:DE:22:19:6B:E3:EC:01:3D
Certificate Validity: Tue, 12 Mar 2024 15:05:00 GMT - Mon, 10 Jun 2024 15:04:59 GMT
Size: 1.2 MB (1150794 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/index-c62be1ee.js HTTP/1.1
Host: gozenforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gozenforms.com/NqrKaIBt4yGroIEJwKcf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
age: 2623597
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="index-c62be1ee.js"
content-encoding: br
content-type: application/javascript; charset=utf-8
date: Sat, 04 May 2024 21:13:33 GMT
etag: W/"173cd8e2d29fcb64a994d0ff0f67f766"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: arn1::fjxtc-1714857213358-b609db324e0c
X-Firefox-Spdy: h2
|
|