Report - my.forms.app/form/629b6312bd94a175bb849970

Report Overview

Submitted URL
my.forms.app/form/629b6312bd94a175bb849970
IP
104.26.6.145
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-09 01:38:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
api.forms.app	992980	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.1 kB	104.26.6.145
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	42 kB	34.120.237.76
js.intercomcdn.com	2440	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	135 kB	54.230.111.84
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	139 kB	142.250.74.72
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.39.57.61
bat.bing.com	387	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	14 kB	204.79.197.200
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	16 kB	142.250.74.164
my.forms.app	720683	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	21 kB	127 kB	104.26.6.145
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	2.1 kB	142.250.74.10
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	718 B	559 B	216.239.32.36
certify.alexametrics.com	3704	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	868 B	550 B	54.230.111.107
www.linkedin.com	608	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	557 B	2.8 kB	13.107.42.14
nexus-websocket-a.intercom.io	2137	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	179 B	35.174.127.31
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
px.ads.linkedin.com	522	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	918 B	2.3 kB	13.107.42.14
widget.intercom.io	2417	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	351 B	375 B	54.230.111.86
api-iam.intercom.io	2892	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	972 B	75.2.88.188
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	497 B	694 B	142.250.74.3
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	785 B	2.0 kB	142.250.74.66
bam.eu01.nr-data.net	9782	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	1.7 kB	185.221.85.4
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	978 B	2.7 kB	23.36.76.226
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	584 B	707 B	142.251.1.155
certify-js.alexametrics.com	6457	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	352 B	4.8 kB	143.204.55.5
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	943 B	143.204.42.158
redirect.prod.experiment.routing.cloudfront.aws.a2z.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	96 B	54.191.95.119
js-agent.newrelic.com	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	19 kB	151.101.86.137
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
forms.app	267784	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	17 kB	76 kB	104.26.7.145
snap.licdn.com	1044	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	3.4 kB	23.36.76.121
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	625 B	499 B	31.13.72.36
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	393 B	104.18.47.230
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.5 kB	93.184.220.29
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	488 B	46 kB	142.250.74.163
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	28 kB	31.13.72.12
file.forms.app	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	37 kB	104.26.7.145
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.2 kB	216.58.207.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-09	medium	my.forms.app/form/629b6312bd94a175bb849970	Phishing
2022-09-09	medium	forms.app/phishing	Phishing
2022-09-09	medium	my.forms.app/form/629b6312bd94a175bb849970	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (52)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c	223 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02:14 Last Seen2023-03-07 14:02:14 Times Seen1 Hash aee0b4d9d333ab70a4912926b077f0dc 6ee904d6cb682484ccdc14e99712e49f5ab9bfd3 a0a68ab6e5b4c6c19046ab3a984333645e69c5d75d42db82c5763412187a49fb Loading...

	my.forms.app/static/js/asyncstyles.7792f.js	267 B	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/asyncstyles.7792f.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen40 Hash e9ab4946cf2a453adb928ba6eaf58699 1280272fc2b80ed3d22e058bd2007b46860f900a 624c98a4aae29a8b19af5a99ce8683003dad8f99ae42d2dbe7b8305930ddbc81 Loading...

	my.forms.app/static/js/vuelazyload.45220.js	21 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/vuelazyload.45220.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 12:33:24 Times Seen1 Hash c9c484adae51a52b2f5e3e08bab61d99 299f1b0fdd775e209cca550c8d6c1ca5435d8d7f 8b06f09064de32af0c1ef92560c2ad7fb47e7faa2b5e518704c399db31dc6e72 Loading...

	my.forms.app/static/js/lang-en.3d2e2.js	64 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/lang-en.3d2e2.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash aeb019626a5a2fe3b922cc89580b37c4 78a5571245b4bb9ad195017e86907e58c8114a47 710971164c22655e8c44128d9080df32ba2ef75815b9d848270ee95289d6f13b Loading...

	bat.bing.com/bat.js	39 kB	2023-03-07	2023-08-25
Pretty URL bat.bing.com/bat.js IP 204.79.197.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2023-08-25 07:33:07 Times Seen42 Hash 16911c194f6e9313655f07c4eb9d8737 d39ccfa8c6d785af331afafe9e36336031f41b64 30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7 Loading...

	forms.app/phishing	375 B	2023-03-07	2024-01-22
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-01-22 14:10:06 Times Seen10 Hash fb1287fd70883e651f085686002c9ca8 0359f31e27dcda183ae6623ab679aead74f2a867 e55c57249936358e468a9dd77446797fac1ac6b9308933b49a30840b011d1509 Loading...

	my.forms.app/static/js/vuegtm.3359a.js	10 kB	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/vuegtm.3359a.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen50 Hash 878db373bf77c263c9222dcde6a8015a e9b695528553768cec0ca6e81670b8ccfc55877f b8aed900cfea3a399c5b1477ac8b584e59b4c5c07d36dff1c3e16ea07bba6d93 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js	54 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash c5507d5e3cde9976616c7e970306bf11 62663354d3f8b5b90cfa8bca93ffea0372b01c18 38ec5a4db9550e50a0afe1c192e57b3b2c18ab729d8704d5296178271fadd433 Loading...

	forms.app/phishing	436 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 665c57f5b41614992796551d522b3688 acdca375f7132388872746598b383ad619612d62 9a09ac97cc0be90e25f6f7b104ac666b076a08b62fba0a30dabf6c78209a9040 Loading...

	my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js	12 kB	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen22 Hash 6f22af0424d3234ea6dc2b5a74bdaa82 04f0f797d5e3448c26ea500414659faf16fd1c6d 5fd7d8552884d1c3bd766bd941ad0aacb74b1c1cf019dcec8b27d0fb9ad51519 Loading...

	my.forms.app/static/js/iicon.bcebb.js	12 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/iicon.bcebb.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 3482ad0eaa6af6df202e32f7e123fb6b 0ad4cd66b76f1a5e1fd698cab658e9baf6a13035 42348d790a485a536ad9f291346d7aef4102081c3725f95009987222d2a576f7 Loading...

	forms.app/phishing	59 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 36224baaac8e5a8ad6e3acee73c3262f 4ab1ae97f54a38da522273a5293d297a24f78550 585e54e20f705f059220642e77577aa0de9b7b0ab505c8000fed29d02460c992 Loading...

	forms.app/phishing	371 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 8ccc21d15ac434591ac9cb2a820884f7 cc3df88ee3bdf6a18e5ef458f58e44abf77ebe6a 437f6268f19cee01c28b07b9f24acd2959c59af2fbfea4cf28969fc81ce00044 Loading...

	forms.app/phishing	1.3 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash e4a57cf3dcfc03499d046adb27f828a3 6072256332013e10d514db05bade986e635cd042 5d7a478ffea3e08753c6c7788d0acd6c0acd34133c132fe3e69502415ae1b469 Loading...

	my.forms.app/static/js/mainheader.53158.js	7.0 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/mainheader.53158.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash f4c7462542bbf8893c02d6e6e624dcf4 ec6461e6aaafd08c7db096067a3cf196cb1b0be9 70b76a8c3918aa963e57ddd33711094d66bfcb196a5c5c0a49c872621ff3ca4a Loading...

	forms.app/phishing	4.5 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 054ec8d7a13b71c39845ceea6121f5d3 07e4c8843463aab30ea369d665d8b37bdec32ec3 1ae5cfac6209392a976bb05a374b8fa60f6110d082a0c9f0c506775245e1dd4e Loading...

	js-agent.newrelic.com/nr-spa-1216.min.js	50 kB	2023-03-07	2024-03-22
Pretty URL js-agent.newrelic.com/nr-spa-1216.min.js IP 151.101.86.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:43 Times Seen568 Hash 63e2df852d15ab21d7ff8fc4363222e8 7ee401ba652db0a4ec960350e17216cda01e22fb 545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe Loading...

	bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken	49 B	2023-03-07	2024-03-22
Pretty URL bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken IP 185.221.85.4 ASN #206998 New Relic International Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:42 Times Seen2776 Hash ada33e5b8877e743ff658bf4bfa1867c 5a78662243dac43c0ee48bcb7e05a536b84c2e38 dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82 Loading...

	certify-js.alexametrics.com/atrk.js	4.3 kB	2023-03-07	2023-11-20
Pretty URL certify-js.alexametrics.com/atrk.js IP 143.204.55.5 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2023-11-20 12:42:18 Times Seen489 Hash d89453438fbf10dcf4c13265c40d5160 02d5f4e46c94bf34e12b2d773f63f643ea2b3518 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f Loading...

	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-25
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 104.18.47.230 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-25 06:01:23 Times Seen1634 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WPSL383	219 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WPSL383 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02:14 Last Seen2023-03-07 14:02:14 Times Seen1 Hash f164258f60d018e0278382a6c610d795 d4c94d233dcc6961a2d81200c6942061d3baa89d c8e27ca7ad88b684330c65fd1421ce7054c33a7d79a8ac3e09d4d0baac3ecfc2 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02:14 Last Seen2023-03-07 14:02:14 Times Seen1 Hash 035b3c55a5fa5e2cd663052e2b8edf33 63a1bb99e2eaaa051f5911ea4754773815b20086 e5a2a20f79dcb1d7bf7c87adda9c5f13d61df54f86ed8e5fc98f9ee9edb33477 Loading...

	my.forms.app/static/js/carousel.e5ce5.js	19 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/carousel.e5ce5.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02:14 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 8960c61e566025c15580f4b3e2f5fc89 402fc53242a9cbd0fd514eccc158a87d98ce412f 15f46da966dadc971be9e025702f97b94b8855c3978f1dd4722905ca19ff4e6b Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-07	2023-08-11
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:31 Last Seen2023-08-11 03:38:40 Times Seen44 Hash 026f52d67397fda8ff7ddb28ee932f39 44a56e64bfdba3ceff45066d88f3b8f3db2c9ca3 5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783 Loading...

	forms.app/assets/js/lazysizes.min.12809749.js	7.2 kB	2023-03-07	2023-03-17
Pretty URL forms.app/assets/js/lazysizes.min.12809749.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 128097497a5265b951d07bc4445072a8 da37014b95172ee145c7a5478f9861857d33cc5e 97185e25db9b6885bd39695f105c5dbf9736f51d7201059cdcc90399dfa79868 Loading...

	my.forms.app/form/629b6312bd94a175bb849970	31 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/form/629b6312bd94a175bb849970 IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:23 Times Seen1 Hash 9c3ac40ba1ac193af7d39a1238f73f1d 2737fc7f5e4b24ebe140b86bfb1b22ec70448dd4 bb9f7c291f9c4a26471fe9a5ff68819cf1abeb047007890fab6662766d81a866 Loading...

	my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js	2.8 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash e85556c6d5667d1025d90d9ad68fddc2 fdbdd5dd08f53604861a99e01aebadab88e5b688 cb18595c1ff13181511c2dedd1a8d8944f70553778ae40d1071a64fa439eec1d Loading...

	connect.facebook.net/signals/config/175163836725648?v=2.9.79&r=stable	300 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/signals/config/175163836725648?v=2.9.79&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02:14 Last Seen2023-03-07 14:02:14 Times Seen1 Hash 4709a0846fffd4bdc06d96968c558733 12d558080a15670de6e085a8343b89afa3599fd6 7a63e8c3def2d7e5b608e509574f4cb0fcbde3775355b1c673216242085297e8 Loading...

	forms.app/phishing	311 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash ddaa30d51ee0f71c4968d3d67813b627 e637234a9d563c6d63625c9c15d30a9caaa62678 c83a831e4bea5290e196109a115452431af6120e4c1ba1dce989d489861d19b9 Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	7.8 kB	2023-03-07	2024-01-14
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 23.36.76.121 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-01-14 12:48:17 Times Seen22 Hash 93e8a332e6a6de807c6ef9fdac9689ae 68a0ccb463d6abb247149a50e0a90ff32dd98ad0 b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 15:35:52 Times Seen37064983 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	my.forms.app/static/js/FormView.7077f.js	42 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormView.7077f.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash b9707ecb3adfb29f59a63771ca8b7e2a d2fe1607de480e4c46ac1284e9fa7174c3dd4e28 78de47b5ce92a31ad3ed925235c5b5bbf07072c4e3ca16fa2d099cd1916cca00 Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:19 Last Seen2023-03-17 12:30:23 Times Seen1 Hash 70049e468e315dbffce0c07753fca6f9 6c1cb5e25675de7746ed7dbb4d103aba9faabea0 94cc0d6d41e4b4bcde2f4f3d6292224215a698f20ffe7915c04cb55146537266 Loading...

	forms.app/assets/js/login.fb59ba75.js	6.8 kB	2023-03-07	2023-03-17
Pretty URL forms.app/assets/js/login.fb59ba75.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash fb59ba7597dcd98d717c8c657a4ada34 7ee097229df4c61da22b1b0c6dc3a1924a0d2de7 f604065e360fa22332cac11edf4948e1de95987a7d55f288c2f1e0ff692ec14a Loading...

	widget.intercom.io/widget/tt7hkkgs	19 kB	2023-03-07	2024-02-11
Pretty URL widget.intercom.io/widget/tt7hkkgs IP 54.230.111.86 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:58:44 Last Seen2024-02-11 08:33:17 Times Seen1 Hash 761d51cdd698db271121fad93a8f7586 50852611d4bffcabe926bad25fafbc7409fe1c4a f3d3e4a94ac95727ce773acbc91c76e19b447b3315584ba439e2a274b7b94ce5 Loading...

	my.forms.app/form/629b6312bd94a175bb849970	382 B	2023-03-07	2024-02-04
Pretty URL my.forms.app/form/629b6312bd94a175bb849970 IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-02-04 09:27:17 Times Seen24 Hash e72e4c3e46ae36de3f9b8097d7853cc8 5eda9fa6a697b768dacdebd64dd1bc8f54c0d7c8 65a37e7ef209e27df98273622b84fe04ba8e2b872820b224901b228e1aa6ae20 Loading...

	my.forms.app/static/js/country-en.83d29.js	4.1 kB	2023-03-07	2024-04-24
Pretty URL my.forms.app/static/js/country-en.83d29.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2024-04-24 14:51:17 Times Seen35 Hash 940a407acc8939a4a5c1aee6c21b5054 2826a10137a69cdb9c0cbf90472785bbd32c9a6a adb51afb83492ea39672c5c0aa8a9f7a2f4f0c150e174adaad345ef42ecfe6b8 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js	276 B	2023-03-07	2023-07-20
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-07-20 21:16:25 Times Seen10 Hash 60e1826dac4552933348dbc6f2195248 88464c417eddf576a5e50cfa81c23d295c10ad3b f7db3ba8fc51915040e02f20c1ebced4f77c326dde94c5918c04fd6fee821753 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	www.google-analytics.com/plugins/ua/linkid.js	1.6 kB	2023-03-07	2024-04-15
Pretty URL www.google-analytics.com/plugins/ua/linkid.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-15 19:01:06 Times Seen1974 Hash 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Loading...

	my.forms.app/form/629b6312bd94a175bb849970	529 B	2023-03-07	2024-02-04
Pretty URL my.forms.app/form/629b6312bd94a175bb849970 IP 104.26.6.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2024-02-04 09:27:17 Times Seen39 Hash b30e00db2b80d2fe812f8382a458c3fc 662bbe42b084b61225e0989dad839d6530d040e4 19a08fd38afae664a55ac38b648f59ed010be51d933272bc951f94f2934963e5 Loading...

	forms.app/phishing	32 kB	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 10:31:08 Times Seen1 Hash 272c2fe878c19fadf6978a4d68ef4e48 f8ead41a72e19f11ea1adda884fc3bb0448b9b8a be9123e3b842f356cbce35b0c6e625ad71a907a90c61b08411722924884f5595 Loading...

	my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js	8.3 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 500a7f736c71ced0a240208a5b5e4fd9 a397fa4ac5d5d0f5497f29c08a80ef3cacac2a60 7df7f626c1d646cc04956936ce44a4bd4834095f44e13c8665e4b44befb52a26 Loading...

	my.forms.app/static/js/isvg.cd861.js	32 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/isvg.cd861.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 7147d1eef8329de02e4b1e1d52123a53 c2f709cf0e7283031149e628daefaba4749cd34b 1d3681118a66d11b6c9ccc2385d7a8b274179c9f61fbc4fe30c24be73d64a734 Loading...

	my.forms.app/static/js/swal.4f135.js	75 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/swal.4f135.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:23 Times Seen1 Hash 1df6bb2224bc056f33b806cdbce97290 a47d85f6f99fd361a5c66d243fd5642f985be410 9d76d7c224be9260fae97ccfcf886a210f5da6ba7a082afd28b8a50de5760ce0 Loading...

	my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js	1.3 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/Account-PaymentHistory~mainheader~upgradepopup.dbf5d.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash b614081809dfa41e92edc14e82a5b369 362db7dfb24a0c389751c1ccb87a5a87bdf52a12 d2561e2e4db21b516bdb596adcad376354344c7c0c1f0ba07d7ca7c7949b7eae Loading...

	forms.app/phishing	181 B	2023-03-07	2023-03-17
Pretty URL forms.app/phishing IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:45 Last Seen2023-03-17 10:31:08 Times Seen1 Hash a3766b9d610fe82e4c33b6ce8a414143 4409220371df125aab61cd1471b891879005f76a 9553606b9ba72442d77e6e250f65ce49a0300b9076ac88460d76845ba18497f1 Loading...

	my.forms.app/static/js/runtime~app.1ad07.js	24 kB	2023-03-07	2023-03-07
Pretty URL my.forms.app/static/js/runtime~app.1ad07.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:44 Last Seen2023-03-07 14:34:07 Times Seen1 Hash 83d2bdb8f01979f1b781aff5b3eaec5b 6268c33b66691afeed8de6a5fa8d57d814e01495 18829cfee3eacba7d65c72d3ebb0f397998b9407b59cb3a07f4428900af0149d Loading...

	my.forms.app/static/js/dcomponents.15d95.js	10 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/dcomponents.15d95.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash 569fbdf6935544c3d3a1784eb4592c55 a3b077edfefeda6c8f79ba3391c0a53d1f670da3 f560c445d21dbce15e9795fb6f878e5ca8396c3af72661d0f1b909cfea3b4256 Loading...

	my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js	2.7 kB	2023-03-07	2023-03-17
Pretty URL my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js IP 104.26.7.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:44 Last Seen2023-03-17 12:33:24 Times Seen1 Hash b8ed79dad68dce90610b507401c9f468 894d7e9b1e0b2c6ecd5d2258054e2785e52986bf 40a9ce4f3b40d4574f33406995c9ffe7861b4cbf248df1c3c146d47ef679c16b Loading...

	accounts.google.com/gsi/client	190 kB	2023-03-07	2023-03-17
Pretty URL accounts.google.com/gsi/client IP 216.58.207.237 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:02 Last Seen2023-03-17 11:29:23 Times Seen1 Hash bb9b170cf3fe1819dc0257811617a304 1026a742b4a57ef7bf7c6013e794bceec68d9142 b8d7c3857a886d9acadb577eaa1f60f21b047dceeb02c961f4eee058878d1b51 Loading...

		Size	First Seen	Last Seen
	#1 Write - fe364450e1391215f596d043488f989f	15 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:02:47 Last Seen2024-04-25 15:29:32 Times Seen14303 Hash fe364450e1391215f596d043488f989f d1848aa7b5cfd853609db178070771ad67d351e9 c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e Loading...

HTTP Transactions (130)

URL IP Response Size

my.forms.app/form/629b6312bd94a175bb849970

104.26.6.145

301 Moved Permanently

0 B

URL HTTP/1.1
my.forms.app/form/629b6312bd94a175bb849970
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2022 01:38:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 02:38:08 GMT
Location: https://my.forms.app/form/629b6312bd94a175bb849970
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HktHVD%2F%2BMqJPjVVzu3sIMfpWZUZr2ad375ZyaecrpZ0gSGctHqDD7No%2Fy%2Fzf9Kkosg5k6v5eJ9BGrB0gRiP1tQNJjaDEl7lsDbmnHD7UxMA6uSBAwsD1V382H7YMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 747c33e04e3a0afa-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 01:05:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RW52wd0KKYuQY-2Of2z3NCsU0aLKSnxg8fd78wIiQGePJKqIuwg9qg==
Age: 1950

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9722
Expires: Fri, 09 Sep 2022 04:20:10 GMT
Date: Fri, 09 Sep 2022 01:38:08 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Dnt5Fy7oGPaNKkaGMF5kFjq7HY64aJ3aVFyfSa4Ic1Y1Ho-RbsyIVg==
age: 78694
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
652bdaaaca09a66fc9a260163eee7aeb
f59f82dd2c189cdff5c641ff7c53c5f257e1f2d2
bbaf18a14748bb922b9bd19125c78310a564b1aebb7de8f30af0be6fa390e7da

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-WPSL383

142.250.74.72

200 OK

76 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WPSL383
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (15501)
Size
76 kB (75597 bytes)
Hash
61dfcf0f6d61428ed124c92e659cebd5
3b687eb453437f456849a665e5c255b7a6450cc6
7a7dff5cacac0b90b5d628f27d04ab353b7ef760bc83036a919c8ad6bf1a56fb

HTTP Headers

GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:08 GMT
expires: Fri, 09 Sep 2022 01:38:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75597
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 00:38:18 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 01:16:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6CPHT_U9yyq8JkM7sHiho9URqgA0RE2RlbCwPWAYaSzR9GQRslSoZg==
Age: 3590

my.forms.app/static/css/vendor.88295.css

104.26.7.145

200 OK

1.5 kB

URL HTTP/2
my.forms.app/static/css/vendor.88295.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2898), with no line terminators
Size
1.5 kB (1499 bytes)
Hash
cb7a3a5201e9ca7654cd798d100ad94b
fc62709906135710cb3ddf2e593e174e9921d5f2
0bed3318440c9242a49e3b0ec1dc9809a6635bafb4bda9d5c5ff0cbd97c2a07c

HTTP Headers

GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXDFa5m5dJDth1OD%2FEx0UJh6odI26%2BOaHeJVrr5Ratf2z%2Fh54h%2FAes1L74homlxIUslfbR3zLzl1hKaXRpBKUTF6r1RfI7ENS6oQC6%2BkM%2BstH%2FmMdTbJXqD3yVE1gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3de340b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-794725785&l=dataLayer&cx=c

142.250.74.72

200 OK

61 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-794725785&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3012)
Size
61 kB (61289 bytes)
Hash
2e1c2c08e7df7be04d4c61cb73a5797f
6fdd7e29c4d8c94cdf4e015085e1fb662f564d1e
71dad8c5d89313033189fac904c81b6409222a57cb54923706771eb16d7f9520

HTTP Headers

GET /gtag/js?id=AW-794725785&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:08 GMT
expires: Fri, 09 Sep 2022 01:38:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61289
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3712
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Last-Modified: Fri, 09 Sep 2022 00:36:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

api.forms.app/user/gettimezonefromutc

104.26.6.145

204 No Content

0 B

URL HTTP/2
api.forms.app/user/gettimezonefromutc
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 204 No Content
date: Fri, 09 Sep 2022 01:38:09 GMT
access-control-allow-headers: authorization,content-type
access-control-allow-methods: POST
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38zNYJMrjXV8skV3C4mmp6PCUpDiE2je97YOKIlB5Dr7pP1CgT0aLnPDNmmexpY%2BLToYPJBmpRTqrGx6SYjn7oHQUSqOLglOvbtBkByJDyrNCM1TFPxScZl22iMSGEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e75b1eb4f7-OSL
X-Firefox-Spdy: h2

my.forms.app/static/js/mainheader.53158.js

104.26.7.145

200 OK

2.8 kB

URL HTTP/2
my.forms.app/static/js/mainheader.53158.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6994), with no line terminators
Size
2.8 kB (2833 bytes)
Hash
337fe29228963beeb6ad01c8c14882a7
0632672b897ac6e82ddaef755d501a3c327c7a3c
61ed66d807746fb8a78e687008151b6ab4f429a06f4601df9aa0280914d2f10a

HTTP Headers

GET /static/js/mainheader.53158.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-1b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2AEauy1cOQ88zSHVdQqBnBPVPRLMRt%2BbL8dic5CbkSqazkEvRwEBDTgpXnNVAQ%2Fh%2F8VQsmXqhdLpdapOywz8MEdZ%2FY%2FCtWUyu5%2BpZqgzUXhl%2FvNZpD303FIeK11jg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e72f7d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext

142.250.74.10

200 OK

1.3 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.3 kB (1323 bytes)
Hash
2241fb361c857cad93c511c1c38bfef8
0c3aa12edd39c29f6778a923c6fe20f9c6e15b40
8467f9d7fc2789cdfad84383c6bcdd254b39ffd9df7b1a20737392b0e2b7fea0

HTTP Headers

GET /css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 01:38:09 GMT
date: Fri, 09 Sep 2022 01:38:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

api.forms.app/form/629b6312bd94a175bb849970/view

104.26.6.145

204 No Content

0 B

URL HTTP/2
api.forms.app/form/629b6312bd94a175bb849970/view
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /form/629b6312bd94a175bb849970/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 204 No Content
date: Fri, 09 Sep 2022 01:38:09 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zsXc1r2u5MNjV%2B1uszzmtBcVjXabAvjWSKBmTwxjZ3Q5rNQs4k52knmCLwGYYe%2BKMSdP7YSIH4cvaFiV%2FrT3YX%2FAr99UJwpKRmIxh9wLRaikUa7yA7LkWiI2bzlZPKs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e8dbccb4f7-OSL
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.39.57.61

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.57.61:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2dLEmO+zc2xpoQPOo1Hnmw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SCceexdWPewjJ9BrzqX43yxa2y8=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3d2d40f373a7ef445874e65d7f0397
087a4802f28647e830222fafc67bda30dec5fc31
4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 234428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/static/icons/apple-touch-icon.png?v=1

104.26.7.145

200 OK

5.7 kB

URL HTTP/2
my.forms.app/static/icons/apple-touch-icon.png?v=1
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.7 kB (5681 bytes)
Hash
c43b1e0fe485cb53c3fd9330372b51c3
a0901719a49fee671cffea18381c0eb187a66f88
e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000

HTTP Headers

GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:40 GMT
etag: "6315f4d8-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqK3U1uaCPus785zwI4pCb5Tyu29ywPlGj3GrttNSpVwSJKBTzCwC5V%2BkFbkUNdDNxdDOxAe37WDZ4Ll5obvSY8nXBTb9yzz67FssMcUNlUNj2ESq81Rz5Gv%2Bt1Kgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e9983b0b55-OSL
X-Firefox-Spdy: h2

my.forms.app/static/css/swal.2ebcf.css

104.26.7.145

200 OK

4.8 kB

URL HTTP/2
my.forms.app/static/css/swal.2ebcf.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (24334), with no line terminators
Size
4.8 kB (4809 bytes)
Hash
f957701be21c816b7a39d1da031776be
3a546f51aabfbbd75a061a62fa66d7f40200c796
15ac4f91f016b2fa009c30f5265e219d52828443b7dbb18c5f7c8e45a3734487

HTTP Headers

GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Kmb0IdBvBrgv9MQUst6uegXx%2Bii2pnF7g%2F5%2BoDYbqwmaZJQeC7VN%2FtSshpW%2BvB5gtdqdm0P%2FapMuo91%2Bme6AzPylKbENVAUf8GXZuBAd1OH3MKZvmpoUUFmN59AiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef590b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css

104.26.7.145

200 OK

3.8 kB

URL HTTP/2
my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (17008), with no line terminators
Size
3.8 kB (3776 bytes)
Hash
f520ce0da6fea8c7270bd3e01c2ae3d0
07029e99f5df6463b90276c3908bbb38988ed59c
0c806a0af838c4a055cf7c68d026153ff0c05a616b15a884149fb942d5915932

HTTP Headers

GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-4270"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gz67Z3OH6DhFyxFfrgwFbcRG0qIPQ8MwQJqrAOxN4t6YD50kOLhUz5zFmOqpYSKTkEFzbx9g5XoRCHK5f2x3Pt930JFOSVmQuZHIbtFQF9bt3Ycl3L3fvKWAbjd%2FeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f690b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/img/formsapp-logo-white.svg

104.26.7.145

200 OK

23 kB

URL HTTP/2
my.forms.app/static/img/formsapp-logo-white.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1026)
Size
23 kB (22800 bytes)
Hash
1efb1ca1a01b50a2210d27c3486544b4
d13d04f8179f13ca37dc89c541e38754352223d0
e48a76ffaad1bd523f01eb06644b6d1e524421a9d4ee9ff2ddb6d59cdaee5c3f

HTTP Headers

GET /static/img/formsapp-logo-white.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-20d5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGZklYCdB%2F4Hb4RXm4yydHwWoxfI%2F6fbmmXug%2FIpP1w0NmcJwxfeFwCuYuUFQqdqd5bEer0mWhIJ2WTz%2FlaZoNku24wDIYA3xT4wsj3iorFbrufDUEWlss40g%2FUWgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e88fef0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js

104.26.7.145

200 OK

899 B

URL HTTP/2
my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2713), with no line terminators
Size
899 B (899 bytes)
Hash
bfd232bdfb63f4ed46919b85f11a74c7
a6af3a8537fa44954c1ce64d369c71966c19a35e
e3d0892ec4a3a4b1d6aec77cbda963a8c749ad23207d509f2e9faaaecf7f28dd

HTTP Headers

GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:25 GMT
vary: Accept-Encoding
etag: W/"6315f4c9-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wL8Y%2Fb6HAmV02jpdnPUj3fC5Iiy2FOaRV%2FHebxCB%2F5iVnG%2BPKrXlAqWVztmaGrdpaDZ32JbFqf5tH13QFfF3eKz7Y1%2BBq8aeq90iJEziXXkJhaSTCPkldgFMYMwPXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f6f0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (26737 bytes)
Hash
8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Z8yGA6dO99IDbsFTb/bhBSm7JCReACbOytVldA8kj5/+47uccLHUOP1ZlE2MI3EGfkuT3/oo6YPDwYkLizVs1A==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1904183273
date: Fri, 09 Sep 2022 01:38:09 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bat.bing.com/bat.js

204.79.197.200

200 OK

11 kB

URL HTTP/2
bat.bing.com/bat.js
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size
11 kB (11367 bytes)
Hash
293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=0333E21512CB69B315EAF00F139C6829; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:09 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC7DBE8865E3440E8F1DEA2C46BFF507 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:09Z
date: Fri, 09 Sep 2022 01:38:09 GMT
X-Firefox-Spdy: h2

my.forms.app/static/js/asyncstyles.7792f.js

104.26.7.145

200 OK

3.1 kB

URL HTTP/2
my.forms.app/static/js/asyncstyles.7792f.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
3.1 kB (3088 bytes)
Hash
10e3e4df2e441be13df1ee8cffcabafb
6bfd7607ae1573802c758ae1f5d4609f4e9b83a5
55bdba0467a5259c49b6c394e3b970a12bcfd7d1d9696e1987a4eac4f5161eb9

HTTP Headers

GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:14 GMT
vary: Accept-Encoding
etag: W/"6315f4be-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wAioCs7Ow1te7UgoztH8CFXpYy3LLtfItWrBAmcXY%2FNX7oq%2BTRnNViJIB4ltpwqnn0K5Zh0bDoetlanpTm200m8PQfJxp6m%2FCaaodMR%2Ft7Ii3s8SUnM8o2Hm2ALfnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee3d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/vuelazyload.45220.js

104.26.7.145

200 OK

7.5 kB

URL HTTP/2
my.forms.app/static/js/vuelazyload.45220.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20439)
Size
7.5 kB (7487 bytes)
Hash
c0b0462cf502278454636ab1a77c03ed
9088d93d604d52891970008972bf8e54aacc2cf0
167014fd56f64a893fc09c199ed35c9fc8711e002ac1673649c5168dd4077efd

HTTP Headers

GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:37 GMT
vary: Accept-Encoding
etag: W/"6315f4d5-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c01AvwvbaTy8HkTCOKOcX3KJUjXT2Kr0wtH0xjrpxFb0%2FfgS%2F0M3TeY%2BlP7knvDhSK%2BxE1oh5WUbbMMq58Ca63iIpUGkNe2UVT0eCx9Z9lJcJadMoK6Kjto5LweZBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef570b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f1e86d2ddbc9e712bef1dad1b5166687
a7708dcb8822d53706beb0c6a5feb021eab57d9d
946849b7035bc3e384c8323c7bbb73ecf182baf5d9b3214ebc78359a6957f3ad

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4990
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Last-Modified: Fri, 09 Sep 2022 00:14:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

www.google.com/pagead/conversion_async.js

142.250.74.164

200 OK

16 kB

URL HTTP/2
www.google.com/pagead/conversion_async.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1623)
Size
16 kB (15687 bytes)
Hash
4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:09 GMT
expires: Fri, 09 Sep 2022 01:38:09 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/static/icons/favicon-16x16.png?v=1

104.26.7.145

200 OK

916 B

URL HTTP/2
my.forms.app/static/icons/favicon-16x16.png?v=1
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
916 B (916 bytes)
Hash
7b4d7d6e0968fe900568920543a5876e
c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6

HTTP Headers

GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 05 Sep 2022 13:08:48 GMT
etag: "6315f4e0-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PfT2lIQp%2FxVtAZzib%2Fgj3sSPSIsi5lWagq%2F7Wzdizm6PoyWQQSS%2BzjOkGt4U%2FQ6RLeOhx3Xwb94vcKbwBMH5k7a1T5RnUB5j4Mo%2BGVQzvVJo9HGTR1rNUvtZpsT0HA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e9983c0b55-OSL
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ&gtm=2oe970&_p=405834769&cid=458440350.1662687481&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662687480&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F629b6312bd94a175bb849970&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ&gtm=2oe970&_p=405834769&cid=458440350.1662687481&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662687480&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F629b6312bd94a175bb849970&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-740JKHV4FZ&gtm=2oe970&_p=405834769&cid=458440350.1662687481&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662687480&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F629b6312bd94a175bb849970&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://my.forms.app
date: Fri, 09 Sep 2022 01:38:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ede92f781233f857c299e00d2090aeba
b7296da3b0981e9c1937bf8ebc73d5138c5fa19a
16a97da8a523d4cb06430ff26d026d14377c888e5e80a78937afba38fded3122

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/js/FormView.7077f.js

104.26.7.145

200 OK

13 kB

URL HTTP/2
my.forms.app/static/js/FormView.7077f.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (41700), with no line terminators
Size
13 kB (12730 bytes)
Hash
c19b667e39cfbc2ac19ba37a23e0ab5a
a1f7859bcda149523dea14510d854184ea24c4ad
b411fa935aede6a28c32ad08bb28f0a7e200de3886a002369f16264d694a6969

HTTP Headers

GET /static/js/FormView.7077f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-a2e4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NpxX73Mxj%2FkZ75v7FPL4JDQPwVSc46feKGiJtpj%2BJ0QHfkghmD1VNVQB5sfojTreVgCJdIuJhNAM8UCKBU4MsB2JsQluCToFSqdiM5VRJ3W5arMNaad4Xpme%2BSvFpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f730b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&gjid=1690723698&_gid=134547598.1662687481&_u=aCDAgEAjAAAAAE~&z=2052851367

142.251.1.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&gjid=1690723698&_gid=134547598.1662687481&_u=aCDAgEAjAAAAAE~&z=2052851367
IP
142.251.1.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&gjid=1690723698&_gid=134547598.1662687481&_u=aCDAgEAjAAAAAE~&z=2052851367 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://my.forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Sep 2022 01:38:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
de50d39318f58f490483c86aecd38e4c
f92177f493cb7bab9c5ce67f6b41f9214920907d
8bca037d0d46ddd72b4c1bbfc2829f96bc9e7bfb28724af3010f1441d14b7180

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
745359d372160932e8030c0199354252
1590e053a17d05095a48538fc08ff06245bac4d6
e7f798120d5e587145e512941e7c090ec2720d30d216e241f5b6f96d5b2d1241

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.forms.app/static/img/form-disable.png

104.26.7.145

200 OK

9.9 kB

URL HTTP/2
my.forms.app/static/img/form-disable.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data
Size
9.9 kB (9896 bytes)
Hash
284c5d4bb722101d9ce5f925f5c0b9e7
c610bce010897692b228623b36a8da6e78ade7f5
d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650

HTTP Headers

GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 9896
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
etag: "6315f4d3-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NiEje07HjABZOs%2FFX6PWFVL6e4LLbNXslH1Ef7keIC%2F65Hlta1%2FIHYJ%2FXUJandtXUXNV8HXvLtyAcjzRlK07p40OKz2s%2B6HricjEOyshBYBPCiHmIhTgQXSQ2wXgtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb68dd0b55-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/formsapp-logo-white.png

104.26.7.145

200 OK

1.9 kB

URL HTTP/2
forms.app/assets/img/formsapp-logo-white.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.9 kB (1902 bytes)
Hash
8edd3c97094fa7a2e082915e5704a9bf
a33b8b4cfa61188431fd90374e857346277f1590
34484856915ff1c164ffb80718c46a3fd1314e6c7484b1cc2918223d65590ca9

HTTP Headers

GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/webp
content-length: 1902
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5999
content-disposition: inline; filename="formsapp-logo-white.webp"
vary: Accept
etag: "6319f80c-176f"
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yj3otm97P8ImlO7tHTyno0q0nuqFY4lMIGwkdEHf8P9pmAtDjSy288JxlkfD9AKBvpuvuJM6STAsEgCkeOyVhkYLj9v3%2F7qhi0TWjLWGza2VdWswQbxMJJltFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecd9570b55-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/form-builder-blank.png

104.26.7.145

200 OK

149 B

URL HTTP/2
forms.app/assets/img/form-builder-blank.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
149 B (149 bytes)
Hash
eab6bf754eb6a790cc1240262c1c3a29
9ea4eaac5215410d39dadda7a62e8b287975521a
d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12

HTTP Headers

GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 149
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
etag: "6319f872-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s7h3JK3WdQKSBK%2Fgnotp0DmHeRxspC2m%2FqTu56aL%2FGC2ZQTrRNBn6VS6M6tjGUFxm5ZJiuq6QDIRZOIS%2Bb%2BCeUBH1fSBmSpbWJnPgIozawMFC7rFYxvGcyCTUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96c0b55-OSL
X-Firefox-Spdy: h2

forms.app/assets/iconfont/iconfont.woff

104.26.7.145

200 OK

18 kB

URL HTTP/2
forms.app/assets/iconfont/iconfont.woff
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 18416, version 1.0\012- data
Size
18 kB (18416 bytes)
Hash
64f7aa12b6b4451be569df62604435a5
45ce2923a9a7c71988b1528c07379233bae693dc
552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42

HTTP Headers

GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Thu, 08 Sep 2022 14:10:33 GMT
etag: "6319f7d9-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9iF8MQ4Y6qAI97yX2%2Fjhav9P4sAzkik7U8%2FOXTQtjt6f3F4RFnrMxjKFdT9WSvc3BYN8iu2zDQZX9P1w64GYK2iilWv7P9MduvHcjztxgngxjHFT7DB%2FzE%2BsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed398d0b55-OSL
X-Firefox-Spdy: h2

certify-js.alexametrics.com/atrk.js

143.204.55.5

200 OK

4.3 kB

URL HTTP/1.1
certify-js.alexametrics.com/atrk.js
IP
143.204.55.5:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (4255), with no line terminators
Size
4.3 kB (4255 bytes)
Hash
d89453438fbf10dcf4c13265c40d5160
02d5f4e46c94bf34e12b2d773f63f643ea2b3518
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

HTTP Headers

GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dVWn6YQgmlRtSkmWZu1umZgVsKL71c7gQ3mqnaeO53rgvLRPU_70ZQ==
Age: 2324167

snap.licdn.com/li.lms-analytics/insight.min.js

23.36.76.121

200 OK

3.1 kB

URL HTTP/2
snap.licdn.com/li.lms-analytics/insight.min.js
IP
23.36.76.121:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (7751)
Size
3.1 kB (3063 bytes)
Hash
57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6

HTTP Headers

GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=28113
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3b01a4e1b6e61ede809b68f3b0f21803
f2756ddd77a39e3cd0be033bfefe493b943c65ba
e1f45a9ed2fefd1cd157f7ee4d04c18f5a3c653718b75a65204ab1ba6045247f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&_u=aCDAgEAjAAAAAE~&z=1327721450

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&_u=aCDAgEAjAAAAAE~&z=1327721450
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&_u=aCDAgEAjAAAAAE~&z=1327721450 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Sep 2022 01:38:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

forms.app/static/icons/apple-touch-icon.png?v=1

104.26.7.145

200 OK

5.7 kB

URL HTTP/2
forms.app/static/icons/apple-touch-icon.png?v=1
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.7 kB (5681 bytes)
Hash
c43b1e0fe485cb53c3fd9330372b51c3
a0901719a49fee671cffea18381c0eb187a66f88
e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000

HTTP Headers

GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:26 GMT
etag: "6315f4ca-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ODXVA6ROuXX0jPniTs526BUUbFtcqDjTkCcSwz%2BouYlgqqOYAXyU2EbcRPQ9oEhiGV2QY5ASywjOiNCZQ5VEWRLFEOern0LwBdKKyhIKhMMA%2FuKoptqpA%2F5WbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ee69d90b55-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
721eb245d022db7af3e30ad4e6b94226
4a53b4e9ad119295498594089826bddea4d0b9a6
6f350e89f4e7a0cea74c003493ea950c768ffcbea234bcf68a818b60842a2f3e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

forms.app/static/icons/favicon-16x16.png?v=1

104.26.7.145

200 OK

916 B

URL HTTP/2
forms.app/static/icons/favicon-16x16.png?v=1
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
916 B (916 bytes)
Hash
7b4d7d6e0968fe900568920543a5876e
c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056
2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6

HTTP Headers

GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 05 Sep 2022 13:08:34 GMT
etag: "6315f4d2-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6uFhCr9sQCUWLg4sqy5soJ2mwN6qo3tY5ACGAnnSSZGEwTw5nxK%2FzXC37A13FEHBklK48VOEwYQ5ezJRQCmKHSkf7Z59BIrm19DZ3Kqeqy21QxFiy9TdVEoyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ee69dc0b55-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4215
Expires: Fri, 09 Sep 2022 02:48:25 GMT
Date: Fri, 09 Sep 2022 01:38:10 GMT
Connection: keep-alive

file.forms.app/sitefile/WhatsApp.png

104.26.7.145

200 OK

7.2 kB

URL HTTP/2
file.forms.app/sitefile/WhatsApp.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
7.2 kB (7240 bytes)
Hash
88b462cad9149195df1b4039ed8033af
872742d5e32044fac62c0d524fc20bb2c202b450
b00798e2f374e537ecef0a09129428dcf959ad0a70300813029c606385e53604

HTTP Headers

GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYPPe1bVgUj1GJARzFSiV63AUC4oYuMfVt%2FO7M0AdmKfSFcfuDxZxBD%2BG7nBxMYu4b2LgWzp6Qy51G5bo6BSRa7sSj66VfZn6lcS%2FdKIc%2FWUc5q03ZUOS0cHL5o1%2FWwb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9610b55-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4215
Expires: Fri, 09 Sep 2022 02:48:25 GMT
Date: Fri, 09 Sep 2022 01:38:10 GMT
Connection: keep-alive

my.forms.app/static/js/isvg.cd861.js

104.26.7.145

200 OK

21 kB

URL HTTP/2
my.forms.app/static/js/isvg.cd861.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32491), with no line terminators
Size
21 kB (21438 bytes)
Hash
d85306714b9a22a717c49c00cbb178e4
df00b19dba0d94ac939ebd58aba51197863aec51
a9decc5a8c4178b87f08506452aa7e4f5722770e9e7b50ff1b1d3809fa763a07

HTTP Headers

GET /static/js/isvg.cd861.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:47 GMT
vary: Accept-Encoding
etag: W/"6315f4df-7eeb"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmirSu%2Bk6QZCjz4WJFxRVJTc8QjnlDwwuxp%2BHidrb8NrSycDluTXbn%2FNRcMNE2aEq5gc9eNFF6M9QN2T8bMp%2BR8JzTfC2ZXPLtcl7Znr4CESBLZP8JQ40nsgyt%2BBSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f750b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4776 bytes)
Hash
ee9340025af774eed83fa3ae0ebb4b65
b868b62d5f2bc802c565d35ea59e200aaf6ab986
729127258be88fe97e4c777b08ba709900028c41a052b6868cab515e545e8c56

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4776
x-amzn-requestid: 49312697-395a-4058-8899-0203e69bf26b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDU5jHA_IAMFhkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63179b70-7b17771e456072e87327ff23;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 19:11:44 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -cYK4EezC3z14SwCy_1oIM5MuqfBtoiQAErl-h4t7sT1vajRvoBX1A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:06:24 GMT
age: 12706
etag: "b868b62d5f2bc802c565d35ea59e200aaf6ab986"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

file.forms.app/sitefile/wordpress.png

104.26.7.145

200 OK

19 kB

URL HTTP/2
file.forms.app/sitefile/wordpress.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (18592 bytes)
Hash
bedd9c4871731d6e22b01d6835bcaf0e
63fba9de6e92bd1e67cf0988a03adaa141efb166
7efb82412dcd19672f989036a0637d648d9b5c13b7fc2b38b707a03f99d9a341

HTTP Headers

GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysbQmPtwqje%2BL3K7MZKInxenfz47ocI3rQx4eyyLFHRRQp1s%2FNHKA3XDnUK%2FnUHvtmyoWeNiaHvpkiEFfvVDa2z7xzb1Q8lA2%2FzmwaZ7pzoq4teDGyzyCnMc%2BC3PTeNY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9630b55-OSL
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8308 bytes)
Hash
6b210b0740e1eb42fcbd3aba71ceb8b4
467e3fee064805e08a9e6e3c86b195f6aa68c433
d5ecaf9ae06ff984c86bee5005c534e3c65255e6faeb5c3837fa601740a2c5ae

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: aad6af35-824b-4591-8162-8473da7eb632
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRJcFDgIAMF0-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a623c-0f04a4db25ffcdda1fd66a25;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:44:28 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: _alya3Bv7CfG78-0nR5tDh7FdzDQGo_HVTLMGa8EQ1Dbge62rJXGbA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 45d6a557ecb29942f314e3dd736d817a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:36 GMT
etag: "467e3fee064805e08a9e6e3c86b195f6aa68c433"
content-type: image/jpeg
age: 13954
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10950 bytes)
Hash
15249f3dafdd1690bc87ebb4fa6d518d
f930fcb22325e28592bc39b0b1974f5197c19afd
a0b9e88c78e85a037363e0b0e4e03478718f8715fe69e72bfd159922eca28301

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10950
x-amzn-requestid: 435fc2f4-fbcb-4eec-81d8-a23154dcec61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFUwZEfvIAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63186802-2348a4000430702d4e9ea132;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 09:44:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORlM8dFTc_iThvJghFakY86D3ToJ5TCmP8Ip2PcvXCCkSKKHpWQ0Zw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:04:02 GMT
age: 12848
etag: "f930fcb22325e28592bc39b0b1974f5197c19afd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f23cc94-7224-4460-ac1e-e6f178c3e961.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6348 bytes)
Hash
3e2cb929798304af6df37283057249ad
646332f967868d58c2afa6a268677b3ea717f4f0
d490b6d3c084c92c92f34007b7f254f7d815a16d2442bbb75c8bae437d3565e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f23cc94-7224-4460-ac1e-e6f178c3e961.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6348
x-amzn-requestid: 6b54628a-cdef-4171-af77-eb009325c973
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHDxVHZvoAMFpqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631919a1-40d667983dfd5f417f4ed81b;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 22:22:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GYKU_FU20Je6se1HtcHX8_ISIOYpFnWPTHbJnnIs91pW4hvHHA2sCQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:36 GMT
age: 53708
etag: "646332f967868d58c2afa6a268677b3ea717f4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6365 bytes)
Hash
cf8614d876156699bdf11897c45e9ae8
ff2c27cf141c68259e6e85020b01efc5d41730a6
c89d6a2fdc789fc725e8bac99774f9f9f0b22000f57d32f5611525bca30002d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6365
x-amzn-requestid: dc414175-8174-4fa8-812b-1f72de48d5f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRBYEt8oAMFmyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6208-1c2417b120725a9a0642620a;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: 8Bvag9DT9hfKBaEhvBZ3UOna0tA_z7uvExg_2VVhd5yHy9BiJAkHbQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:54:52 GMT
age: 13398
etag: "ff2c27cf141c68259e6e85020b01efc5d41730a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

forms.app/assets/img/phishing.png

104.26.7.145

200 OK

5.4 kB

URL HTTP/2
forms.app/assets/img/phishing.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
5.4 kB (5380 bytes)
Hash
486e845db3badafe650b2488a8051844
b6c53a5fe798d41e3c016d9b6e9587b0aca894c9
13cbd9356bccfd1e91054818c417a05a937a14965dd3ca6a18f4ad9699cd0470

HTTP Headers

GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/webp
content-length: 5380
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=16006
content-disposition: inline; filename="phishing.webp"
vary: Accept
etag: "6319f80c-3e86"
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HIoxkSF8rp1w5iiJUWb5LNY07zKjY%2BzCkPalbjexYZ6%2B24g3Fmns%2BiSA21QscE9%2Fo3IETLAAb2pr4QTFwddTMhbTX7Y1awtrm9ag4rjBlHO%2Ba87o25qUr%2FN36w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ef6a260b55-OSL
X-Firefox-Spdy: h2

file.forms.app/sitefile/airtable.png

104.26.7.145

200 OK

7.9 kB

URL HTTP/2
file.forms.app/sitefile/airtable.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
7.9 kB (7872 bytes)
Hash
19a7c2326b69967597ddb56daf8193cd
b776238182c40619a030193004ed72a5cfb353f0
2717fab977ab9f4874181cdc47f0288934a86b0bca62101cff17d230ad85b421

HTTP Headers

GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvvspdN7ABwZMarXbfV5BqIf3nz1iWxbH5k7C%2FVJNLUYEI1yL3zSG9moSRgIc%2BJxbcWGhzSI50iJabEOrw9f2WBXMKFv6I5G8ybqpSosxPorQDH%2Bj3O1OncVf04pqh1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9650b55-OSL
X-Firefox-Spdy: h2

bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=08cc775c-9443-4e16-8d7d-030769d4ebc7&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=1&msclkid=N&evt=pageHide

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=08cc775c-9443-4e16-8d7d-030769d4ebc7&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=1&msclkid=N&evt=pageHide
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=08cc775c-9443-4e16-8d7d-030769d4ebc7&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=1&msclkid=N&evt=pageHide HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0BB2FCED860465992716EEF78753641A; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE904444945F48818994502F9C6FD119 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
X-Firefox-Spdy: h2

certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662687482170&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=1834255315&sess_cookie=7d7f68d41831fe591394b291448&sess_cookie_flag=1&user_cookie=7d7f68d41831fe591394b291448&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US

54.230.111.107

200 OK

43 B

URL HTTP/1.1
certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662687482170&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=1834255315&sess_cookie=7d7f68d41831fe591394b291448&sess_cookie_flag=1&user_cookie=7d7f68d41831fe591394b291448&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US
IP
54.230.111.107:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

HTTP Headers

GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662687482170&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=1834255315&sess_cookie=7d7f68d41831fe591394b291448&sess_cookie_flag=1&user_cookie=7d7f68d41831fe591394b291448&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 08 Sep 2022 03:28:58 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LJJBYVtaOiBm2glpwBp7INASv59vxqHXYydkYwCH_VCR0JVbopGvOA==
Age: 79753

bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=b7c38ef8-896f-448f-8a40-9ae3e04e038a&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=505&pt=1662687481561,,,,,0,0,0,0,0,0,42,234,234,238,501,504,505,,,&pn=0,0&evt=pageLoad&sv=1&rn=889482

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=b7c38ef8-896f-448f-8a40-9ae3e04e038a&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=505&pt=1662687481561,,,,,0,0,0,0,0,0,42,234,234,238,501,504,505,,,&pn=0,0&evt=pageLoad&sv=1&rn=889482
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=b7c38ef8-896f-448f-8a40-9ae3e04e038a&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F&lt=505&pt=1662687481561,,,,,0,0,0,0,0,0,42,234,234,238,501,504,505,,,&pn=0,0&evt=pageLoad&sv=1&rn=889482 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=01FE60B8E606671E0A9D72A2E7516665; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F85BADCCD8CB488CACF200A7BEE49DA7 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2302), with no line terminators
Size
1.0 kB (1035 bytes)
Hash
783744bfd3d650e24c4a0a2aa1a8c8c1
0eee4fb04180066beca79301aa79923c85b184de
c947cbd2e199186721f9c279e29d94e15ef089f4331537ca84d3c27def52270e

HTTP Headers

GET /pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Sep 2022 01:38:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1035
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Sep-2022 01:53:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
37f5817070558e8cd18fc01b1551d016
47c87d7f47faabcd296ec0869a2e27a69f43c7f2
95b2873e657b79f699b0a0d7718acff76ddc1ac3c8dd339fb88ec6e0c0da59fd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 01:38:10 GMT
Last-Modified: Fri, 09 Sep 2022 01:26:01 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WUOG6IIEMiKEC9Tws7u4LDBaQRLYroOmqXgKgfHvO5cHj5u8Olt7sA==
Age: 730

bat.bing.com/p/action/137024713.js

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/137024713.js
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=08C3FD4FCF2663912B31EF55CE71620B; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DEA806FBF98042B394AB1F9D59AD9A78 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
X-Firefox-Spdy: h2

px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing

13.107.42.14

302 Found

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJciDWMKxIBdwAAAYMf5bMWRfnA4AZjzZ6zR9MZQav0j3m0xRwCWlG3MrrdQE5upsBMtk8kSzxsxg; Max-Age=2592000; Expires=Sun, 09 Oct 2022 01:38:10 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIlNWnCBM3ZFQAAAYMf5bMWVmcXdElskS5WM8K2DDc-YSfihrIu5BOEAfEnGR1MmmLU_1-TuaPOFppWetoOfg; Max-Age=2592000; Expires=Sun, 09 Oct 2022 01:38:10 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&62812373-74ea-4ca2-8534-1fc5400a0dc1"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Sep-2023 01:38:10 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2341:u=1:x=1:i=1662687490:t=1662773890:v=2:sig=AQF-gDV81p6IJRHGILygQEBF4uNE7V-Y"; Expires=Sat, 10 Sep 2022 01:38:10 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoNJlDbsjn76ZqkFPhIQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9DA4366ACF7A457183BB613C9C45EBBA Ref B: OSL30EDGE0318 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue

13.107.42.14

302 Found

0 B

URL HTTP/2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&7748853f-6961-44bf-8978-42a6c685d831"; Domain=.linkedin.com; Expires=Sat, 09-Sep-2023 01:38:10 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220909013810b4743958-bff8-4e9c-8eae-17b543d3257eAQFu11tVXt3jqOuLgsgjdzpUt7WV8FA3"; Domain=.www.linkedin.com; Expires=Sat, 09-Sep-2023 01:38:10 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI2ODc0OTA7MjswMjH+MmyYq9sjQFStI0d3rlvGzKxenH/rG0O3SLHNpTNKTg==; Domain=.linkedin.com; Expires=Wed, 08 Mar 2023 01:38:10 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2379:u=1:x=1:i=1662687491:t=1662773891:v=2:sig=AQErOLq7VWlkr5Ou1gYOZYPbcsahvWie"; Expires=Sat, 10 Sep 2022 01:38:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoNJlF1zBZvVI+P72W3A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4EE12E085E1646CE97F32A452E7A4CEF Ref B: OSL30EDGE0318 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 0
X-Firefox-Spdy: h2

redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png

54.191.95.119

204 No Content

0 B

URL HTTP/2
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
IP
54.191.95.119:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Fri, 09 Sep 2022 01:38:11 GMT
server: Server
X-Firefox-Spdy: h2

px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&5907efe7-bd8f-4891-8824-1069c5420fcf"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Sep-2023 01:38:11 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2379:u=1:x=1:i=1662687491:t=1662773891:v=2:sig=AQErOLq7VWlkr5Ou1gYOZYPbcsahvWie"; Expires=Sat, 10 Sep 2022 01:38:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoNJlHxGK30i9uNyWVeQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DA83D4F2B1734A758E5033DF557F89FA Ref B: OSL30EDGE0318 Ref C: 2022-09-09T01:38:11Z
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 0
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662687483034&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662687483033.2116538860&it=1662687482202&coo=false&tm=1&rqm=GET

31.13.72.36

200 OK

44 B

URL HTTP/2
www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662687483034&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662687483033.2116538860&it=1662687482202&coo=false&tm=1&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
44 B (44 bytes)
Hash
b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

HTTP Headers

GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662687483034&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662687483033.2116538860&it=1662687482202&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
date: Fri, 09 Sep 2022 01:38:11 GMT
expires: Fri, 09 Sep 2022 01:38:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: 
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

widget.intercom.io/widget/tt7hkkgs

54.230.111.86

302 Found

0 B

URL HTTP/2
widget.intercom.io/widget/tt7hkkgs
IP
54.230.111.86:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 31 May 2022 12:39:23 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yk6uD5rEBy3eKorhqNFsNNrxrjyL99JSEVZPrUeu8W7HLJwJ_-a7Yw==
age: 8686729
X-Firefox-Spdy: h2

js-agent.newrelic.com/nr-spa-1216.min.js

151.101.86.137

200 OK

18 kB

URL HTTP/2
js-agent.newrelic.com/nr-spa-1216.min.js
IP
151.101.86.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32010)
Size
18 kB (18216 bytes)
Hash
6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a

HTTP Headers

GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 01:38:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 656
x-timer: S1662687491.345447,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2

js.intercomcdn.com/shim.latest.js

54.230.111.84

200 OK

6.2 kB

URL HTTP/2
js.intercomcdn.com/shim.latest.js
IP
54.230.111.84:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (18920), with no line terminators
Size
6.2 kB (6174 bytes)
Hash
9064982aa7fa6e4296affd2690e62e8b
35622827e3064715e58e44d13c174a58dfde7789
d1a60129296b67992e221c87ac0d304c61cb7d756a52e61cd5453b78b90a58da

HTTP Headers

GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6174
last-modified: Thu, 08 Sep 2022 17:16:40 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: Hs5P5S6o93zS8sxpJQedNqzMk0dSWgk5
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 01:36:56 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "9064982aa7fa6e4296affd2690e62e8b"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ltgE2J5tGuytJdda7-d2Eu2FWnR9TOnBBzoqzBOvdzexv6sr2iwPxA==
age: 76
X-Firefox-Spdy: h2

js.intercomcdn.com/frame.a6d4847e.js

54.230.111.84

200 OK

126 kB

URL HTTP/2
js.intercomcdn.com/frame.a6d4847e.js
IP
54.230.111.84:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
126 kB (126266 bytes)
Hash
7f2332d34c04cfdc7b1d28ee95257c23
8e6f48fe17c74bee9cd371a62e4e56ce6ca1fc61
336cce69ffa60a9750bb95c5198a87e5bf0d2792154b9c0c3593b99c236b4e6b

HTTP Headers

GET /frame.a6d4847e.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 126266
last-modified: Thu, 08 Sep 2022 17:15:16 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: 89vVFVEH72G3bm3KxXOHH5Vz4KF0Gbrt
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 01:16:53 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "7f2332d34c04cfdc7b1d28ee95257c23"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uh607u4_AOVBpXB4Mtx1_hrQOeXIXn5XZAja2o0zHT0VKdc-Rn2QUw==
age: 1283
X-Firefox-Spdy: h2

bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken

185.221.85.4

200 OK

77 B

URL HTTP/1.1
bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken
IP
185.221.85.4:0
ASN
#206998 New Relic International Limited

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef

HTTP Headers

GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 01:38:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 747c33f5a9cd991b-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=952e96f7bef88f8b; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W86R0MA84DR0JFD1pljDbM2zxtK5OE%2F7rplEdasGq83BxoQXJGCzlgMd5JF9RrGGrezXLyku3A3Bh%2BHpBIC99ixP1jx503KjGP8%2BpjFqjEH%2BaiECwZg6Q4PHW1t7RMTGWjnzDizv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip

bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2532&ck=1&ref=https://forms.app/phishing

185.221.85.4

200 OK

24 B

URL HTTP/1.1
bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2532&ck=1&ref=https://forms.app/phishing
IP
185.221.85.4:0
ASN
#206998 New Relic International Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
24 B (24 bytes)
Hash
bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

HTTP Headers

POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2532&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 275
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 01:38:12 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 747c33faec87991b-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zEvgKc8linX3RvNPJh4yhSgCFaSzNv%2FKRXkhqOPosoHLhlyTXHeXlODC%2FBc2bz%2Bw0P0IgosUOWNnHOYvdIEOkpDZhAwas0qnNrfKzryFAMCADXc80Tb%2FkdRvQICEm449jufI2MOZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare

forms.app/assets/img/formsapp-logo.png

104.26.7.145

200 OK

3.5 kB

URL HTTP/2
forms.app/assets/img/formsapp-logo.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3548 bytes)
Hash
a77f4c80bac841f7d3d2aa02372b8861
840d40fc6bdfbddff8e5d917ef5b669d8c4543a2
84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be

HTTP Headers

GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 3548
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
etag: "6319f872-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXN%2B7Iyg7F1jRWkF7Zh40huuPHz27LKlDKloXpgm4r%2B%2BVRW5GyflRmiFaYeknjUA7kBX1OlsKY50%2Bjj8mPQWCOf7XBorIwvRjmGx5FJCSNVNPhOkVYiW0dSY0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fbdf0d0b55-OSL
X-Firefox-Spdy: h2

nexus-websocket-a.intercom.io/pubsub/5-N4m6cpK5TDE1GuicNu2Adg7F0N4RCNSJQrCQeksERtLeg5Ly2TQyuye2WnZfpqA5bzv6Vn5sz8HdaC7cDgmiX4cKMJS39EkkdNoP?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined

35.174.127.31

101 Switching Protocols

0 B

URL HTTP/1.1
nexus-websocket-a.intercom.io/pubsub/5-N4m6cpK5TDE1GuicNu2Adg7F0N4RCNSJQrCQeksERtLeg5Ly2TQyuye2WnZfpqA5bzv6Vn5sz8HdaC7cDgmiX4cKMJS39EkkdNoP?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP
35.174.127.31:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pubsub/5-N4m6cpK5TDE1GuicNu2Adg7F0N4RCNSJQrCQeksERtLeg5Ly2TQyuye2WnZfpqA5bzv6Vn5sz8HdaC7cDgmiX4cKMJS39EkkdNoP?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lznm74b55UpsxB+eBnl0iQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Fri, 09 Sep 2022 01:38:12 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FvyOUuakANRLJMJ2WTWKL232zfc=

forms.app/assets/img/google-play-logo.png

104.26.7.145

200 OK

7.6 kB

URL HTTP/2
forms.app/assets/img/google-play-logo.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7621 bytes)
Hash
b30b4bd0775acd1e172ed059d1151d4d
70d96852cfae2fdc113342e3bf46cc4ebe706815
cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b

HTTP Headers

GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 7621
last-modified: Thu, 08 Sep 2022 14:09:43 GMT
etag: "6319f7a7-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrHNX8GoCVya7LxRAR6k21Pbs1%2F%2BY294DhoFJfvoZdafjQq1Fn47rBNoVeYVjoPKDRFwP2bdwB4SscFyHflQp0Z1Umn%2BsAVCGx6d0s2DCN%2FLq3mF6UUIIaakEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fd6faf0b55-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/huawei-app.png

104.26.7.145

200 OK

7.4 kB

URL HTTP/2
forms.app/assets/img/huawei-app.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.4 kB (7360 bytes)
Hash
86c2e696aa2528b2cb3589897ba4bfb7
598e89de6512720a92e4e94a538e2eb64d746229
eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6

HTTP Headers

GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 7360
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
etag: "6319f8a2-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mdrw%2Bth0vRGOVMSC7%2BO7i217zlYecweqQFSIBNW1f4e%2Bm66vycf%2Fo7RAraoLQDZHLkLpNCCpMHYADhIc1E%2Fwd3BGLTl0fHD9JPrOO3E%2FgfKuLEVvqq0rx63gaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fd6fb00b55-OSL
X-Firefox-Spdy: h2

forms.app/assets/img/app-store-logo.png

104.26.7.145

200 OK

7.6 kB

URL HTTP/2
forms.app/assets/img/app-store-logo.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7634 bytes)
Hash
02b87ac5a0d67d23008ed83695705c23
1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5
a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736

HTTP Headers

GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 7634
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
etag: "6319f841-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIcKCycfIBh9lD0jWgHwiqggh%2BZjIMJW2QB37DO0%2FDHIt6I%2FlBRjBTERXhMkI7R8k0in0i3qe3tJeqBw1%2BBX4VXFV0aQv54%2B3Oys08YZPM4eOgbLp4VSXy4%2FiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fe2fe80b55-OSL
X-Firefox-Spdy: h2

my.forms.app/static/css/iicon.8278c.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/iicon.8278c.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2buhHpuP3dxuIjhmual7Lyzgxe3%2Bck8sZNOm6Wf5xc%2FxaqjY4OSoKYR8vPZZKWMauLdmxDn4Xlckr49hoaT4gKh%2F6krz8gD8%2BjFP1vblS2atqVXGJB7BWoCAacSNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee3a0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/cdn-cgi/rum?

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/cdn-cgi/rum?
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 384
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: text/plain
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 747c33eca94b0b55-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

forms.app/assets/img/templates-resources.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/assets/img/templates-resources.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
vary: Accept-Encoding
etag: W/"6319f872-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frb48mUjd0NfX0%2F2PIWOdW5CC0ltFpgHrH5mtH05AOYgr2DvfdfYbE4D4kEQDOEivoh590jdsir9O7qEqXg3AgQuKFrm8cZY7TLNIrXCHdAW14tymTiTHCM84Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96b0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/js/lazysizes.min.12809749.js

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/assets/js/lazysizes.min.12809749.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/lazysizes.min.12809749.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 14:10:33 GMT
vary: Accept-Encoding
etag: W/"6319f7d9-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s93rmp9cvdgGkx6jbhFgQKJn6e5%2FSNZ2PUBPsiweErjUJ2BapF04IutNv8%2B3TW8VPZaia2njB%2FqerEUGFaiZtXrrOJlnQ25Rd%2FK2RSdIwI6p7p2cL%2BMenb163g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed197f0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

accounts.google.com/gsi/client

216.58.207.237

200 OK

0 B

URL HTTP/2
accounts.google.com/gsi/client
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Fri, 09 Sep 2022 01:38:10 GMT
date: Fri, 09 Sep 2022 01:38:10 GMT
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-8CnaHDxK98M-E2jWn0AWcg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/static/css/asyncstyles.4869d.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/asyncstyles.4869d.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5b6MxYSodeGEYw3kV%2FlUboTbMXlquw3k1e1%2B46pfD9ABa5Msd5I3uKHLzN3j6wdCu0Zp1mOZl%2BriIuMHIQFBi%2B0rYSL0aNVxmZCl3K1DslvIJzDP%2B2fUvUWtV3odA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3de370b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/excel%20copy.png

104.26.7.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/excel%20copy.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sR56hE6Y%2BKUZwrSP5ykTPA2C0IZXo3tJ9MS6okkvTPIwEco7pgt0lOUHYxkboft6jXV1qPX26oEhHN9I6RY8qje%2B0OIxwrxL8SYZUYpWE4C5kAuRq85lwtBN7Rin3xZ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9620b55-OSL
X-Firefox-Spdy: h2

my.forms.app/static/js/dcomponents.15d95.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/dcomponents.15d95.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:38 GMT
vary: Accept-Encoding
etag: W/"6315f4d6-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFDoIABKdcgZl6y6rcgYNkQzW49E%2FcLNMKl2CyhLaX8tvbXAqqqkGVvXbzhBYV%2BXuxuvwp%2BiVgsRXoAuj4QZgQsx8%2FUrSFHXOnLyvBMXBuMvqH4wY4jjOO3kJ6Rzhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee3e0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/iicon.bcebb.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/iicon.bcebb.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/iicon.bcebb.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:02 GMT
vary: Accept-Encoding
etag: W/"6315f4b2-2fe9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9zMijbqKaDFXP76YCVz2rek2Sy4z6D4f6KnTZUxdcY0pzs0BgT0TyOZ8X45RJWUmOJWKzQAL1jXC4fsOEKEB1xsZoOCST6LumncEiePpq4UgKw%2B3sg6dIajgsF7pA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee420b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:31 GMT
vary: Accept-Encoding
etag: W/"6315f4cf-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9z0aGgR%2BnRBjh%2BYwxQUCPvcbleKJwsoeFxSD5sDiRHdwWSJtyZQT68Xw84drkg5SenTunOedoMJpDRmAQbQy8Kq8fUvmxang42Qy76bEDWd39bq%2FgYAJoUSTWCeGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef550b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:31 GMT
vary: Accept-Encoding
etag: W/"6315f4cf-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bvzc5GSuYZFmAyDvCJS%2Bn0ENCQywGW%2F7%2BA75AlMz8G89E90geQu%2B3GJNizL%2F6RI88Y%2BKmBcxAIUhlviW0sDlavsK29NeIb2swjjfIAfhlfRzPzBwFGzXJQbiiuoV0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f680b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/cdn-cgi/rum?

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/cdn-cgi/rum?
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687488.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:17 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 747c341989370b55-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my.forms.app/static/js/runtime~app.1ad07.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/runtime~app.1ad07.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/runtime~app.1ad07.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:16 GMT
vary: Accept-Encoding
etag: W/"6315f4c0-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qveQUo1ZXs1xRd8q3mHuL4L%2Bk%2B79KA4AsWNtn4GqJ4B4keoRicLS74LWSwEsJviUP9WeRQOWCCC5Nr%2BFI8vHMdx2ObwLbsp37d%2BkE2jvgIr%2BKa2VY42tkCea8QIZnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee440b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/phishing

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/phishing
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 14:11:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2B3xAM3pgPqwKTFBwgcD4K0BTAb2gakqFQA190xQLgoGWVCgClG99VV86RrzEXrrgIc7cS7S6T29Ay0EP52WFxzSQlHSXub0XPRmf%2FXiPYR8J2GCFgkOgQ1jcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb58cc0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/logo-home.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/assets/img/logo-home.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
vary: Accept-Encoding
etag: W/"6319f841-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDQKKGNrsu7qLTeNNSpZd%2F0%2BVKcx7Y8jZDpF23KXydRR7Hrtt8r%2FO8AWJpy%2BYcPOUlhaQEAkiVdFWE%2FScepIQ4rX%2FqyCbdAoj4C%2FcJk0AVDqz%2FdpNl8DRYyArw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecd9580b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/blog-resources.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/assets/img/blog-resources.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:09:43 GMT
vary: Accept-Encoding
etag: W/"6319f7a7-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lTeLPPB4v5vLW%2FBUGAELIhISkYoHxgSmqDQtJd3eUo0YU4uw7iE3dvc5WDvc3gYi%2FxYSNfcoWsbl94bLgttdecmB7pJv0TSGGs7WR3s%2F45uP0RYj70ROhhfOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf9690b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/js/login.fb59ba75.js

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/assets/js/login.fb59ba75.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 14:10:33 GMT
vary: Accept-Encoding
etag: W/"6319f7d9-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DFU7Pubkwvg1GZdFtRsqXIuYDbkfKcKEP2L6NjzqYXDUUYIV%2B7tuB3HnRAbwQ0WGu2SdiBNVUVRORtBrp%2Fl7%2BX5Nmc3eylrisPlf3HIUZe3quaGdi0K9hoC7Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed09790b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

js.intercomcdn.com/vendor.db1f5016.js

54.230.111.84

200 OK

0 B

URL HTTP/2
js.intercomcdn.com/vendor.db1f5016.js
IP
54.230.111.84:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /vendor.db1f5016.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103230
last-modified: Thu, 08 Sep 2022 16:19:52 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: CNo1uRhDSh4dT1NQhrW_GtXzTq3WlLQx
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 00:21:24 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "419225bddbaa8f495860fdd6b21c2a5c"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y_ss4kv8WQVzR04FNbo2vN-gp2TzI_fSBNE0KTFDsvAd7DUn7wvzWg==
age: 4609
X-Firefox-Spdy: h2

my.forms.app/form/629b6312bd94a175bb849970

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/form/629b6312bd94a175bb849970
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=akukP0mjunlvtT6wP6C1Hs3Wu9FQ8bDtiewO4jHxBzXKAGn5OBAq%2BAdYMmWLUyV96nIp%2F3SVW%2FiKLmX1hIk5flHaA%2B3CNOUrVOivGiyBUqTzYAF6zW%2B0sUOGiL7rtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e20d7c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/app.d858d.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/app.d858d.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/app.d858d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-107d0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BU1iFZjSC%2BGAgypHUTp4dVvOt122z5Ileunv60CMQ9CgX3P3fi008Rz%2FhwuYpXwcLBBZ9f9wOQmuNDllPDLZvLukecSafE5tFc8ap6K4B%2FpQMkWmjrGp3EouX8Q30A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3de350b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:22 GMT
vary: Accept-Encoding
etag: W/"6315f4c6-d1ec"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ad825KoBgCS44U9hSwUBShxe0iTX0V9QuCNbnKn2lSxvhhKeLvNd4iDsZwPw2wELZA8FbnuoDBOFDRU0Zf9XMNCwn12qa5TXVaHMBgQDGzuHiVeE5618S7E5ppml3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f6c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/swal.4f135.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/swal.4f135.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:29 GMT
vary: Accept-Encoding
etag: W/"6315f4cd-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=He%2BCjDCGVJFodSFPt9bebqTsnIteTciy24zbjAup7r%2F9zV5XasAUe6y6LaTaqccoZmLqiK9UBUpAeaGI0YoM%2FNRcKMhjpqIVYj6z1s%2FvRvNGCY%2F4OsrBkdGNa%2Fpwow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef5b0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/apple.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/apple.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbGn2RMGq7jjxMp1Zn%2F33JsWg0EAGmn6UYebPm9%2B4TkNu%2B9kSxodQYo4yEBKyHd1DFkb3jVOvnejNX47XPWECqvzoyLv7JSynzULjYQUxPfRbwFhrF3aG52r2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf9700b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

api-iam.intercom.io/messenger/web/ping

75.2.88.188

200 OK

0 B

URL HTTP/2
api-iam.intercom.io/messenger/web/ping
IP
75.2.88.188:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1662687500
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: 05d9cad82336b8f9259b87b30e14811c7a641d03
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0008lf3bvh0jsf2j8dd0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"c44956fda0831a9a31388c8767efbf4b"
x-runtime: 0.329324
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0359a879b27fffa05
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

104.18.47.230

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
104.18.47.230:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 747c33e40cf9b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pp6QZE2QaIFg2jMukYx%2B9vGNPCDmnqo71CsJuiEq9bGSffHUNDyhEcOGGAUBwnVqte4cZVC0zXdCCtrLdNyranzYhvtCxm7%2FROZDb4c1fvhzm7iHjTs2oZvtN6VtCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f660b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormBuilder~FormDesign~FormView.4a69f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:37 GMT
vary: Accept-Encoding
etag: W/"6315f4d5-204c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykZJI1iPDbtS554hm6TMUtVCbv5Jejo4qkFaujOaHwKpPZIkXd5VdWeUWA2PycILi38dUdFcxzqN0sG1Vs3vRDS56PxtTRvAnxDERhkutQyJAyf%2Fldg%2BKwHWLo3G3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f700b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/FormView.2e202.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/FormView.2e202.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/FormView.2e202.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-1f1e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27Nx76Ztcp3P%2FppSfLUuvHWh9V5NeVf0kj7iKoTPwmcjxiImHZneMmMCWUv%2FC1h1ClqnMIby6NrzqrSMJQrospicZfo8cSd4K4LWVpkIivOVRGeY4KFJF7HRc4WPaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f720b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/icons.2b7bf.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/icons.2b7bf.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/icons.2b7bf.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:44 GMT
vary: Accept-Encoding
etag: W/"6315f4dc-360f1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FJ14bD3VGkweqBT3pMVMlMrEjCKZD9rRCFsd77Onb56082wQYthkNYttDmcNFD098uKdvtGOpJjuWsGETSiZwlayz9MbsApSlxQHhtKZbeNHAoASnNdmJiufgETVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb88fb0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.forms.app/user/gettimezonefromutc

104.26.6.145

200 OK

0 B

URL HTTP/2
api.forms.app/user/gettimezonefromutc
IP
104.26.6.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDSz%2BvSHbv4KSo%2BRLgv49%2FrkiunnhuS39vlLPZcpheYOgxxua6dXHlQGcccrPUPPpBN2ueAzici2VFEKLCBxAyUmPMVpJ6mGuupdWz9PaumYuu9AFHlQEOSJB5Cm0WU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e86ba5b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:39 GMT
vary: Accept-Encoding
etag: W/"6315f4d7-b07"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHpHcLzw%2Fz7ywIx%2Brc6x%2FRGqjLQsRNxIAcihtLezpJKS2VbmSHaj%2B5zX0X2vX8cUjyo1YcVZxgqEwzNpYpG%2FhzV5aXIWCIaKfUV%2BVuQ9nJPhGxViD6TbblpBMZwLHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f670b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/img/logo-home.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/img/logo-home.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZmGduanxhWGIqIL4hgELNjqe8%2FUICNxH6y%2B84pHKFKopE%2B9%2FUojS3CcEUJPXh6NhEDYx8pA8yTR3w1IYOOwd5zln17vefM0xJkiqnPkCfT43An9NZVHzIrJ3trgbYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb68d70b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/img/formsapp-logo.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/img/formsapp-logo.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/formsapp-logo.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-20f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jxxwuz%2F0oXZ1rrjnaFWGp1EemdHRDmelpCs5YR%2F5qJEbu2O7DSfRSw6zvzNXRkX5anWP8P5rMxjEMiupzLsAwjLaZUcWSHlMG13sGscNNDtWu%2BbHucqPtp3n0CdGUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e88fee0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/facebook.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/facebook.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzu45PTrTd8IBVY9tsuBCKyDic5%2BbAwFXrjnMs45b5%2BoeZONVZeN5i9mEBZjNeJUg4TnXEIHOVss3%2Blk%2FMRnt3kh%2BEMSK%2B3RI6Sof6lw%2FZSWdqbQS8y4gaL3%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96f0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/vuegtm.3359a.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vuegtm.3359a.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:14 GMT
vary: Accept-Encoding
etag: W/"6315f4be-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0bzCdntTMXw1U7qRpzeGrLdGIkG4RXPRnYB%2FJl4BObx8Kzx%2FwtlABveHeTsushcWIhfXNwrgR6x97t60sjueBgEBhEKyDuetxasKj2uw%2BhAr%2Fxwg5qW2Ve6NwFnfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef5c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/mainheader.c3247.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/mainheader.c3247.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/mainheader.c3247.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-1405"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JZQO1gMfsM81zL2kFsgm1w9rWCSR%2FX%2BfyP7X6pXB4Su7ee%2BtYnEwuIAOQ2JW4lxIau8td7xlQKgYXhjI1jU%2FYy%2BbGrSZmEX44rbo3fTYXZSC7oYR6llidf5Y85cdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e72f7c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/js/carousel.e5ce5.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/carousel.e5ce5.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/carousel.e5ce5.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:16 GMT
vary: Accept-Encoding
etag: W/"6315f4c0-4a64"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jr8DCs%2B2%2Bkw4JEns1xyc6HZps31E%2Bv8O5xpimbznzJKSJh6rITC6EhvDf8zporwwt24c5hi%2FWjS9ELTnq46da1Yfym%2FvprZlfDeDqREq85FDs3n0EHoVHQwiAJF%2BFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e87feb0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/envelope.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/envelope.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3rU6pUwskJanYRtY0RvcInVUV09lsbKG7XG1MUrWXh5GYMXuo79CjQYq1olwqlTi%2FjJhSdo47%2FxLLSt2fSSXVUKZLdopsYYevQ8i4BMpirvzHyfeqDeUojDPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed09780b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/cdn-cgi/rum?

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/cdn-cgi/rum?
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiZGQzYzYzZTZjN2ZjNzczNyIsInRyIjoiMDc2ZTU4MGUxMGZmMWMwYTdmMjIzZmJiYTk3NGFjZDEiLCJ0aSI6MTY2MjY4NzQ4MzA5OH19
traceparent: 00-076e580e10ff1c0a7f223fbba974acd1-dd3c63e6c7fc7737-01
tracestate: 2885732@nr=0-1-2885732-286479549-dd3c63e6c7fc7737----1662687483098
content-type: application/json
Content-Length: 15674
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:11 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 747c33f4abf70b55-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my.forms.app/static/css/dcomponents.2f40b.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/dcomponents.2f40b.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/dcomponents.2f40b.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-194c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wti%2Bd6eLY2uTtRj6pSqk7AZGR1Jc8rMdQLymqxKUKjdk8rynJkxKmo22Z6h36zSn1an2wKZ1vKzFJrZM5KSWtAzXYoFpPZW1QYpCfoPRc6lcKWJjwDDPAnfSFiof1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee390b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c

142.250.74.72

200 OK

0 B

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:08 GMT
expires: Fri, 09 Sep 2022 01:38:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76587
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

my.forms.app/static/js/vendor.523c4.js

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/js/vendor.523c4.js
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:15 GMT
vary: Accept-Encoding
etag: W/"6315f4bf-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1wXWhJCY4iNZiUrTBc2xmHtRltCi3VEOWC1hhD5bWh9PhT%2F8E9CddB0n51Y%2FM4NCjmOvjIyyHUJNR5CWjBb55qE%2FrkdcjjMQjBejGLEdeQJCOJeEFh0hHrYbPQFIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee430b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/assets/img/help-resources.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/assets/img/help-resources.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
vary: Accept-Encoding
etag: W/"6319f872-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RMa%2Btxznz4nmc57B%2BEGo2GiMSPzjmlzHErk6%2Bt7vMTP3WRG0Ppt3ys0gXbW1%2FuROonEhGYt%2F5eQEY09H8j8IEE8dZtuQ1Vkfyu4TPXDt%2BwxGFOpvbcRv%2Blrh5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96a0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-4b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6QF2ygDlPkZu%2FgsxBAR6vsYHlZiHegZ%2B91Bikxg1YpW882hJ5tzoIfT%2FqvTJOtTpuFwkWRC00ElHTI1bgh971OQGiMoffdf3mROTs55NPIUP%2BSyqAUVJTxqLPiA0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f760b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.forms.app/static/css/carousel.fb728.css

104.26.7.145

200 OK

0 B

URL HTTP/2
my.forms.app/static/css/carousel.fb728.css
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/css/carousel.fb728.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:00 GMT
vary: Accept-Encoding
etag: W/"6315f4b0-7f4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcqki02zwY%2BcTfZ%2BGuk2zQejWFxbpfek4LNcpRy2Y4NHRLEDo%2BgiMd2KBg2XHSPZQA234v6lWuqhuhOqoESe3pRPKHZxZfQc520tn%2B%2FRMpbQyUcfm0i21JaDfutKFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e87fe90b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

forms.app/static/img/use/svg/google.svg

104.26.7.145

200 OK

0 B

URL HTTP/2
forms.app/static/img/use/svg/google.svg
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWuHRwz9dAJVNhNa3c7anAo8Dcc5Jd1kspKTesiBaS8%2FKiVp19eUvygHnQPETv%2Fs%2FCvrQmIeAmmLfD6Qo9CIPvuHshhCQi9yGd0pNezKXI8LKogNGOEnGBkQ7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2

file.forms.app/sitefile/Google%20Analytics.png

104.26.7.145

200 OK

0 B

URL HTTP/2
file.forms.app/sitefile/Google%20Analytics.png
IP
104.26.7.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wJm45p7OPPeyvpwZ8Y41iXKHcWTeW0F1ujGy6XmlTS57TYEMHo1RNz4Wsg9dut2dZid6c3LKHQ%2FgFV39ubd8lEbb9mKwLuhZbjvK8%2BE45WmqEKiRK8N4JIpcFEISv6DK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9600b55-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (52)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations