| my.forms.app/form/629b6312bd94a175bb849970 | 104.26.6.145 | 301 Moved Permanently | 0 B |
URL HTTP/1.1my.forms.app/form/629b6312bd94a175bb849970 IP104.26.6.145:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2022 01:38:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 02:38:08 GMT
Location: https://my.forms.app/form/629b6312bd94a175bb849970
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HktHVD%2F%2BMqJPjVVzu3sIMfpWZUZr2ad375ZyaecrpZ0gSGctHqDD7No%2Fy%2Fzf9Kkosg5k6v5eJ9BGrB0gRiP1tQNJjaDEl7lsDbmnHD7UxMA6uSBAwsD1V382H7YMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 747c33e04e3a0afa-OSL
alt-svc: h2=":443"; ma=60
|
|
| firefox.settings.services.mozilla.com/v1/ | 143.204.55.36 | 200 OK | 939 B |
URL HTTP/1.1firefox.settings.services.mozilla.com/v1/ IP143.204.55.36:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash91dd975a7b17b2922dd23c0e49314e40 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 01:05:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RW52wd0KKYuQY-2Of2z3NCsU0aLKSnxg8fd78wIiQGePJKqIuwg9qg==
Age: 1950
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb9adda4796e3cda8d92753c46964621c 5f1eba1f6085b23dea088a91fe6f8947172f9f62 a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9722
Expires: Fri, 09 Sep 2022 04:20:10 GMT
Date: Fri, 09 Sep 2022 01:38:08 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain | 143.204.55.110 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain IP143.204.55.110:0
File typePEM certificate\012- , ASCII text Hash742edb4038f38bc533514982f3d2e861 cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1 b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Dnt5Fy7oGPaNKkaGMF5kFjq7HY64aJ3aVFyfSa4Ic1Y1Ho-RbsyIVg==
age: 78694
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash652bdaaaca09a66fc9a260163eee7aeb f59f82dd2c189cdff5c641ff7c53c5f257e1f2d2 bbaf18a14748bb922b9bd19125c78310a564b1aebb7de8f30af0be6fa390e7da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtm.js?id=GTM-WPSL383 | 142.250.74.72 | 200 OK | 76 kB |
URL HTTP/2www.googletagmanager.com/gtm.js?id=GTM-WPSL383 IP142.250.74.72:0
File typeASCII text, with very long lines (15501) Hash61dfcf0f6d61428ed124c92e659cebd5 3b687eb453437f456849a665e5c255b7a6450cc6 7a7dff5cacac0b90b5d628f27d04ab353b7ef760bc83036a919c8ad6bf1a56fb
GET /gtm.js?id=GTM-WPSL383 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:08 GMT
expires: Fri, 09 Sep 2022 01:38:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75597
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 143.204.55.36 | 200 OK | 329 B |
URL HTTP/1.1firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP143.204.55.36:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 00:38:18 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 01:16:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6CPHT_U9yyq8JkM7sHiho9URqgA0RE2RlbCwPWAYaSzR9GQRslSoZg==
Age: 3590
|
|
| my.forms.app/static/css/vendor.88295.css | 104.26.7.145 | 200 OK | 1.5 kB |
URL HTTP/2my.forms.app/static/css/vendor.88295.css IP104.26.7.145:0
File typeASCII text, with very long lines (2898), with no line terminators Hashcb7a3a5201e9ca7654cd798d100ad94b fc62709906135710cb3ddf2e593e174e9921d5f2 0bed3318440c9242a49e3b0ec1dc9809a6635bafb4bda9d5c5ff0cbd97c2a07c
GET /static/css/vendor.88295.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXDFa5m5dJDth1OD%2FEx0UJh6odI26%2BOaHeJVrr5Ratf2z%2Fh54h%2FAes1L74homlxIUslfbR3zLzl1hKaXRpBKUTF6r1RfI7ENS6oQC6%2BkM%2BstH%2FmMdTbJXqD3yVE1gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3de340b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-794725785&l=dataLayer&cx=c | 142.250.74.72 | 200 OK | 61 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=AW-794725785&l=dataLayer&cx=c IP142.250.74.72:0
File typeASCII text, with very long lines (3012) Hash2e1c2c08e7df7be04d4c61cb73a5797f 6fdd7e29c4d8c94cdf4e015085e1fb662f564d1e 71dad8c5d89313033189fac904c81b6409222a57cb54923706771eb16d7f9520
GET /gtag/js?id=AW-794725785&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:08 GMT
expires: Fri, 09 Sep 2022 01:38:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61289
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash042105f89c8d64b470d84e052cd412d1 a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4 fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3712
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Last-Modified: Fri, 09 Sep 2022 00:36:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
|
|
| api.forms.app/user/gettimezonefromutc | 104.26.6.145 | 204 No Content | 0 B |
URL HTTP/2api.forms.app/user/gettimezonefromutc IP104.26.6.145:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
date: Fri, 09 Sep 2022 01:38:09 GMT
access-control-allow-headers: authorization,content-type
access-control-allow-methods: POST
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38zNYJMrjXV8skV3C4mmp6PCUpDiE2je97YOKIlB5Dr7pP1CgT0aLnPDNmmexpY%2BLToYPJBmpRTqrGx6SYjn7oHQUSqOLglOvbtBkByJDyrNCM1TFPxScZl22iMSGEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e75b1eb4f7-OSL
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/mainheader.53158.js | 104.26.7.145 | 200 OK | 2.8 kB |
URL HTTP/2my.forms.app/static/js/mainheader.53158.js IP104.26.7.145:0
File typeASCII text, with very long lines (6994), with no line terminators Hash337fe29228963beeb6ad01c8c14882a7 0632672b897ac6e82ddaef755d501a3c327c7a3c 61ed66d807746fb8a78e687008151b6ab4f429a06f4601df9aa0280914d2f10a
GET /static/js/mainheader.53158.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-1b52"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2AEauy1cOQ88zSHVdQqBnBPVPRLMRt%2BbL8dic5CbkSqazkEvRwEBDTgpXnNVAQ%2Fh%2F8VQsmXqhdLpdapOywz8MEdZ%2FY%2FCtWUyu5%2BpZqgzUXhl%2FvNZpD303FIeK11jg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e72f7d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext | 142.250.74.10 | 200 OK | 1.3 kB |
URL HTTP/2fonts.googleapis.com/css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext IP142.250.74.10:0
Hash2241fb361c857cad93c511c1c38bfef8 0c3aa12edd39c29f6778a923c6fe20f9c6e15b40 8467f9d7fc2789cdfad84383c6bcdd254b39ffd9df7b1a20737392b0e2b7fea0
GET /css?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,400&;devanagari,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 01:38:09 GMT
date: Fri, 09 Sep 2022 01:38:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| api.forms.app/form/629b6312bd94a175bb849970/view | 104.26.6.145 | 204 No Content | 0 B |
URL HTTP/2api.forms.app/form/629b6312bd94a175bb849970/view IP104.26.6.145:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /form/629b6312bd94a175bb849970/view HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://my.forms.app/
Origin: https://my.forms.app
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Sep 2022 01:38:09 GMT
access-control-allow-headers: authorization
access-control-allow-methods: GET
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zsXc1r2u5MNjV%2B1uszzmtBcVjXabAvjWSKBmTwxjZ3Q5rNQs4k52knmCLwGYYe%2BKMSdP7YSIH4cvaFiV%2FrT3YX%2FAr99UJwpKRmIxh9wLRaikUa7yA7LkWiI2bzlZPKs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e8dbccb4f7-OSL
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 52.39.57.61 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP52.39.57.61:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2dLEmO+zc2xpoQPOo1Hnmw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SCceexdWPewjJ9BrzqX43yxa2y8=
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashdb3d2d40f373a7ef445874e65d7f0397 087a4802f28647e830222fafc67bda30dec5fc31 4a7ff3bf120d9795d86e370be5fb2987edd4575e1ce0ab1f2f7a66ddf1e5b0d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 142.250.74.163 | 200 OK | 45 kB |
URL HTTP/2fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP142.250.74.163:0
File typeWeb Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data Hash565ce506190ad3af920b40baf1794cec ad3cba5d06100e09449a864d3b5e58403b478b3d 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 234428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/icons/apple-touch-icon.png?v=1 | 104.26.7.145 | 200 OK | 5.7 kB |
URL HTTP/2my.forms.app/static/icons/apple-touch-icon.png?v=1 IP104.26.7.145:0
File typePNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data Hashc43b1e0fe485cb53c3fd9330372b51c3 a0901719a49fee671cffea18381c0eb187a66f88 e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000
GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:40 GMT
etag: "6315f4d8-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqK3U1uaCPus785zwI4pCb5Tyu29ywPlGj3GrttNSpVwSJKBTzCwC5V%2BkFbkUNdDNxdDOxAe37WDZ4Ll5obvSY8nXBTb9yzz67FssMcUNlUNj2ESq81Rz5Gv%2Bt1Kgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e9983b0b55-OSL
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/swal.2ebcf.css | 104.26.7.145 | 200 OK | 4.8 kB |
URL HTTP/2my.forms.app/static/css/swal.2ebcf.css IP104.26.7.145:0
File typeASCII text, with very long lines (24334), with no line terminators Hashf957701be21c816b7a39d1da031776be 3a546f51aabfbbd75a061a62fa66d7f40200c796 15ac4f91f016b2fa009c30f5265e219d52828443b7dbb18c5f7c8e45a3734487
GET /static/css/swal.2ebcf.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:07:59 GMT
vary: Accept-Encoding
etag: W/"6315f4af-5f0e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Kmb0IdBvBrgv9MQUst6uegXx%2Bii2pnF7g%2F5%2BoDYbqwmaZJQeC7VN%2FtSshpW%2BvB5gtdqdm0P%2FapMuo91%2Bme6AzPylKbENVAUf8GXZuBAd1OH3MKZvmpoUUFmN59AiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef590b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css | 104.26.7.145 | 200 OK | 3.8 kB |
URL HTTP/2my.forms.app/static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css IP104.26.7.145:0
File typeASCII text, with very long lines (17008), with no line terminators Hashf520ce0da6fea8c7270bd3e01c2ae3d0 07029e99f5df6463b90276c3908bbb38988ed59c 0c806a0af838c4a055cf7c68d026153ff0c05a616b15a884149fb942d5915932
GET /static/css/FormBuilder~FormDesign~FormView~LocalForm.c8c09.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-4270"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gz67Z3OH6DhFyxFfrgwFbcRG0qIPQ8MwQJqrAOxN4t6YD50kOLhUz5zFmOqpYSKTkEFzbx9g5XoRCHK5f2x3Pt930JFOSVmQuZHIbtFQF9bt3Ycl3L3fvKWAbjd%2FeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f690b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/img/formsapp-logo-white.svg | 104.26.7.145 | 200 OK | 23 kB |
URL HTTP/2my.forms.app/static/img/formsapp-logo-white.svg IP104.26.7.145:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1026) Hash1efb1ca1a01b50a2210d27c3486544b4 d13d04f8179f13ca37dc89c541e38754352223d0 e48a76ffaad1bd523f01eb06644b6d1e524421a9d4ee9ff2ddb6d59cdaee5c3f
GET /static/img/formsapp-logo-white.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-20d5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGZklYCdB%2F4Hb4RXm4yydHwWoxfI%2F6fbmmXug%2FIpP1w0NmcJwxfeFwCuYuUFQqdqd5bEer0mWhIJ2WTz%2FlaZoNku24wDIYA3xT4wsj3iorFbrufDUEWlss40g%2FUWgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e88fef0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js | 104.26.7.145 | 200 OK | 899 B |
URL HTTP/2my.forms.app/static/js/FormDesign~FormView~LocalForm~shareform.853a4.js IP104.26.7.145:0
File typeASCII text, with very long lines (2713), with no line terminators Hashbfd232bdfb63f4ed46919b85f11a74c7 a6af3a8537fa44954c1ce64d369c71966c19a35e e3d0892ec4a3a4b1d6aec77cbda963a8c749ad23207d509f2e9faaaecf7f28dd
GET /static/js/FormDesign~FormView~LocalForm~shareform.853a4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:25 GMT
vary: Accept-Encoding
etag: W/"6315f4c9-a99"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wL8Y%2Fb6HAmV02jpdnPUj3fC5Iiy2FOaRV%2FHebxCB%2F5iVnG%2BPKrXlAqWVztmaGrdpaDZ32JbFqf5tH13QFfF3eKz7Y1%2BBq8aeq90iJEziXXkJhaSTCPkldgFMYMwPXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f6f0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| connect.facebook.net/en_US/fbevents.js | 31.13.72.12 | 200 OK | 27 kB |
URL HTTP/2connect.facebook.net/en_US/fbevents.js IP31.13.72.12:0
File typeASCII text, with very long lines (64348) Hash8e7e24fb3539746aa8b869558f589615 d8086d86bbd5cfacc3b6a5ef14aa917830e137dd 7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Z8yGA6dO99IDbsFTb/bhBSm7JCReACbOytVldA8kj5/+47uccLHUOP1ZlE2MI3EGfkuT3/oo6YPDwYkLizVs1A==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1904183273
date: Fri, 09 Sep 2022 01:38:09 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| bat.bing.com/bat.js | 204.79.197.200 | 200 OK | 11 kB |
IP204.79.197.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
File typeUnicode text, UTF-8 text, with very long lines (38826), with no line terminators Hash293ae3e0fc8b0d5c143fdf9d8490228d 3976c659b908e70818a3a1ac71860b497fe2d1a9 04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=0333E21512CB69B315EAF00F139C6829; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:09 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC7DBE8865E3440E8F1DEA2C46BFF507 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:09Z
date: Fri, 09 Sep 2022 01:38:09 GMT
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/asyncstyles.7792f.js | 104.26.7.145 | 200 OK | 3.1 kB |
URL HTTP/2my.forms.app/static/js/asyncstyles.7792f.js IP104.26.7.145:0
File typeASCII text, with no line terminators Hash10e3e4df2e441be13df1ee8cffcabafb 6bfd7607ae1573802c758ae1f5d4609f4e9b83a5 55bdba0467a5259c49b6c394e3b970a12bcfd7d1d9696e1987a4eac4f5161eb9
GET /static/js/asyncstyles.7792f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:14 GMT
vary: Accept-Encoding
etag: W/"6315f4be-10b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wAioCs7Ow1te7UgoztH8CFXpYy3LLtfItWrBAmcXY%2FNX7oq%2BTRnNViJIB4ltpwqnn0K5Zh0bDoetlanpTm200m8PQfJxp6m%2FCaaodMR%2Ft7Ii3s8SUnM8o2Hm2ALfnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee3d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/vuelazyload.45220.js | 104.26.7.145 | 200 OK | 7.5 kB |
URL HTTP/2my.forms.app/static/js/vuelazyload.45220.js IP104.26.7.145:0
File typeASCII text, with very long lines (20439) Hashc0b0462cf502278454636ab1a77c03ed 9088d93d604d52891970008972bf8e54aacc2cf0 167014fd56f64a893fc09c199ed35c9fc8711e002ac1673649c5168dd4077efd
GET /static/js/vuelazyload.45220.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:37 GMT
vary: Accept-Encoding
etag: W/"6315f4d5-50a6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c01AvwvbaTy8HkTCOKOcX3KJUjXT2Kr0wtH0xjrpxFb0%2FfgS%2F0M3TeY%2BlP7knvDhSK%2BxE1oh5WUbbMMq58Ca63iIpUGkNe2UVT0eCx9Z9lJcJadMoK6Kjto5LweZBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef570b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashf1e86d2ddbc9e712bef1dad1b5166687 a7708dcb8822d53706beb0c6a5feb021eab57d9d 946849b7035bc3e384c8323c7bbb73ecf182baf5d9b3214ebc78359a6957f3ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4990
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Last-Modified: Fri, 09 Sep 2022 00:14:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
|
|
| www.google.com/pagead/conversion_async.js | 142.250.74.164 | 200 OK | 16 kB |
URL HTTP/2www.google.com/pagead/conversion_async.js IP142.250.74.164:0
File typeASCII text, with very long lines (1623) Hash4738d969770682feba80f04bf171d65b be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7 1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:09 GMT
expires: Fri, 09 Sep 2022 01:38:09 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/icons/favicon-16x16.png?v=1 | 104.26.7.145 | 200 OK | 916 B |
URL HTTP/2my.forms.app/static/icons/favicon-16x16.png?v=1 IP104.26.7.145:0
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data Hash7b4d7d6e0968fe900568920543a5876e c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056 2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 05 Sep 2022 13:08:48 GMT
etag: "6315f4e0-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PfT2lIQp%2FxVtAZzib%2Fgj3sSPSIsi5lWagq%2F7Wzdizm6PoyWQQSS%2BzjOkGt4U%2FQ6RLeOhx3Xwb94vcKbwBMH5k7a1T5RnUB5j4Mo%2BGVQzvVJo9HGTR1rNUvtZpsT0HA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e9983c0b55-OSL
X-Firefox-Spdy: h2
|
|
| region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oe970&_p=405834769&cid=458440350.1662687481&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662687480&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F629b6312bd94a175bb849970&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 | 216.239.32.36 | 204 No Content | 0 B |
URL HTTP/2region1.google-analytics.com/g/collect?v=2&tid=G-740JKHV4FZ>m=2oe970&_p=405834769&cid=458440350.1662687481&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662687480&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F629b6312bd94a175bb849970&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 IP216.239.32.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-740JKHV4FZ>m=2oe970&_p=405834769&cid=458440350.1662687481&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662687480&sct=1&seg=0&dl=https%3A%2F%2Fmy.forms.app%2Fform%2F629b6312bd94a175bb849970&dt=forms.app%3A%20Online%20Form%20Builder%20%7C%20Free%20Online%20Survey%20Tool&en=page_view&_fv=1&_nsi=1&_ss=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://my.forms.app
date: Fri, 09 Sep 2022 01:38:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashede92f781233f857c299e00d2090aeba b7296da3b0981e9c1937bf8ebc73d5138c5fa19a 16a97da8a523d4cb06430ff26d026d14377c888e5e80a78937afba38fded3122
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| my.forms.app/static/js/FormView.7077f.js | 104.26.7.145 | 200 OK | 13 kB |
URL HTTP/2my.forms.app/static/js/FormView.7077f.js IP104.26.7.145:0
File typeASCII text, with very long lines (41700), with no line terminators Hashc19b667e39cfbc2ac19ba37a23e0ab5a a1f7859bcda149523dea14510d854184ea24c4ad b411fa935aede6a28c32ad08bb28f0a7e200de3886a002369f16264d694a6969
GET /static/js/FormView.7077f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-a2e4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NpxX73Mxj%2FkZ75v7FPL4JDQPwVSc46feKGiJtpj%2BJ0QHfkghmD1VNVQB5sfojTreVgCJdIuJhNAM8UCKBU4MsB2JsQluCToFSqdiM5VRJ3W5arMNaad4Xpme%2BSvFpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f730b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&gjid=1690723698&_gid=134547598.1662687481&_u=aCDAgEAjAAAAAE~&z=2052851367 | 142.251.1.155 | 200 OK | 4 B |
URL HTTP/2stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&gjid=1690723698&_gid=134547598.1662687481&_u=aCDAgEAjAAAAAE~&z=2052851367 IP142.251.1.155:0
File typeASCII text, with no line terminators Hash48c0473b7821185d937e685216e2168b 3743e47f8a429a5e87b86cb582d78940733d9d2e 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&gjid=1690723698&_gid=134547598.1662687481&_u=aCDAgEAjAAAAAE~&z=2052851367 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://my.forms.app
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Sep 2022 01:38:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashde50d39318f58f490483c86aecd38e4c f92177f493cb7bab9c5ce67f6b41f9214920907d 8bca037d0d46ddd72b4c1bbfc2829f96bc9e7bfb28724af3010f1441d14b7180
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash745359d372160932e8030c0199354252 1590e053a17d05095a48538fc08ff06245bac4d6 e7f798120d5e587145e512941e7c090ec2720d30d216e241f5b6f96d5b2d1241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| my.forms.app/static/img/form-disable.png | 104.26.7.145 | 200 OK | 9.9 kB |
URL HTTP/2my.forms.app/static/img/form-disable.png IP104.26.7.145:0
File typePNG image data, 639 x 488, 8-bit colormap, non-interlaced\012- data Hash284c5d4bb722101d9ce5f925f5c0b9e7 c610bce010897692b228623b36a8da6e78ade7f5 d7e6633b8d4195964f81b1cf63a9935ba15d33ab1cfd45168950077c54988650
GET /static/img/form-disable.png HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 9896
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
etag: "6315f4d3-26a8"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NiEje07HjABZOs%2FFX6PWFVL6e4LLbNXslH1Ef7keIC%2F65Hlta1%2FIHYJ%2FXUJandtXUXNV8HXvLtyAcjzRlK07p40OKz2s%2B6HricjEOyshBYBPCiHmIhTgQXSQ2wXgtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb68dd0b55-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/formsapp-logo-white.png | 104.26.7.145 | 200 OK | 1.9 kB |
URL HTTP/2forms.app/assets/img/formsapp-logo-white.png IP104.26.7.145:0
File typeRIFF (little-endian) data, Web/P image\012- data Hash8edd3c97094fa7a2e082915e5704a9bf a33b8b4cfa61188431fd90374e857346277f1590 34484856915ff1c164ffb80718c46a3fd1314e6c7484b1cc2918223d65590ca9
GET /assets/img/formsapp-logo-white.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/webp
content-length: 1902
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5999
content-disposition: inline; filename="formsapp-logo-white.webp"
vary: Accept
etag: "6319f80c-176f"
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yj3otm97P8ImlO7tHTyno0q0nuqFY4lMIGwkdEHf8P9pmAtDjSy288JxlkfD9AKBvpuvuJM6STAsEgCkeOyVhkYLj9v3%2F7qhi0TWjLWGza2VdWswQbxMJJltFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecd9570b55-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/form-builder-blank.png | 104.26.7.145 | 200 OK | 149 B |
URL HTTP/2forms.app/assets/img/form-builder-blank.png IP104.26.7.145:0
File typePNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data Hasheab6bf754eb6a790cc1240262c1c3a29 9ea4eaac5215410d39dadda7a62e8b287975521a d19c316cd024fbefdb82a69b3233eea0f502b445dbe80c17c4596f295c354f12
GET /assets/img/form-builder-blank.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 149
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
etag: "6319f872-95"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s7h3JK3WdQKSBK%2Fgnotp0DmHeRxspC2m%2FqTu56aL%2FGC2ZQTrRNBn6VS6M6tjGUFxm5ZJiuq6QDIRZOIS%2Bb%2BCeUBH1fSBmSpbWJnPgIozawMFC7rFYxvGcyCTUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96c0b55-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/iconfont/iconfont.woff | 104.26.7.145 | 200 OK | 18 kB |
URL HTTP/2forms.app/assets/iconfont/iconfont.woff IP104.26.7.145:0
File typeWeb Open Font Format, TrueType, length 18416, version 1.0\012- data Hash64f7aa12b6b4451be569df62604435a5 45ce2923a9a7c71988b1528c07379233bae693dc 552582bda44c3dfa21a6afc8cb1e72561ed8df33ecf0218387ab57c5fe0b9d42
GET /assets/iconfont/iconfont.woff HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/font-woff
content-length: 18416
last-modified: Thu, 08 Sep 2022 14:10:33 GMT
etag: "6319f7d9-47f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9iF8MQ4Y6qAI97yX2%2Fjhav9P4sAzkik7U8%2FOXTQtjt6f3F4RFnrMxjKFdT9WSvc3BYN8iu2zDQZX9P1w64GYK2iilWv7P9MduvHcjztxgngxjHFT7DB%2FzE%2BsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed398d0b55-OSL
X-Firefox-Spdy: h2
|
|
| certify-js.alexametrics.com/atrk.js | 143.204.55.5 | 200 OK | 4.3 kB |
URL HTTP/1.1certify-js.alexametrics.com/atrk.js IP143.204.55.5:0
File typeASCII text, with very long lines (4255), with no line terminators Hashd89453438fbf10dcf4c13265c40d5160 02d5f4e46c94bf34e12b2d773f63f643ea2b3518 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
GET /atrk.js HTTP/1.1
Host: certify-js.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4255
Connection: keep-alive
Date: Sat, 13 Aug 2022 04:02:04 GMT
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
ETag: "d89453438fbf10dcf4c13265c40d5160"
Cache-Control: max-age=26920000
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dVWn6YQgmlRtSkmWZu1umZgVsKL71c7gQ3mqnaeO53rgvLRPU_70ZQ==
Age: 2324167
|
|
| snap.licdn.com/li.lms-analytics/insight.min.js | 23.36.76.121 | 200 OK | 3.1 kB |
URL HTTP/2snap.licdn.com/li.lms-analytics/insight.min.js IP23.36.76.121:0 ASN#20940 Akamai International B.V.
File typeASCII text, with very long lines (7751) Hash57efbbeb3e1d23c82b677511c67c8b0e f927ba115ef4be362694c22850ddbdd1c1b054d1 873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=28113
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashb544c4d2427305f830d70cd40f2e5263 f8d3fbf9d368742f894816ea71d8cc9016078d1f 6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash3b01a4e1b6e61ede809b68f3b0f21803 f2756ddd77a39e3cd0be033bfefe493b943c65ba e1f45a9ed2fefd1cd157f7ee4d04c18f5a3c653718b75a65204ab1ba6045247f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&_u=aCDAgEAjAAAAAE~&z=1327721450 | 142.250.74.3 | 200 OK | 42 B |
URL HTTP/2www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&_u=aCDAgEAjAAAAAE~&z=1327721450 IP142.250.74.3:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123158574-1&cid=458440350.1662687481&jid=147661371&_u=aCDAgEAjAAAAAE~&z=1327721450 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Sep 2022 01:38:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashb544c4d2427305f830d70cd40f2e5263 f8d3fbf9d368742f894816ea71d8cc9016078d1f 6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| forms.app/static/icons/apple-touch-icon.png?v=1 | 104.26.7.145 | 200 OK | 5.7 kB |
URL HTTP/2forms.app/static/icons/apple-touch-icon.png?v=1 IP104.26.7.145:0
File typePNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data Hashc43b1e0fe485cb53c3fd9330372b51c3 a0901719a49fee671cffea18381c0eb187a66f88 e8fb3cd2c0e51524797de9b6f32319cc99ea107c682119b6284ae4318dd53000
GET /static/icons/apple-touch-icon.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 5681
last-modified: Mon, 05 Sep 2022 13:08:26 GMT
etag: "6315f4ca-1631"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ODXVA6ROuXX0jPniTs526BUUbFtcqDjTkCcSwz%2BouYlgqqOYAXyU2EbcRPQ9oEhiGV2QY5ASywjOiNCZQ5VEWRLFEOern0LwBdKKyhIKhMMA%2FuKoptqpA%2F5WbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ee69d90b55-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash721eb245d022db7af3e30ad4e6b94226 4a53b4e9ad119295498594089826bddea4d0b9a6 6f350e89f4e7a0cea74c003493ea950c768ffcbea234bcf68a818b60842a2f3e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 01:38:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| forms.app/static/icons/favicon-16x16.png?v=1 | 104.26.7.145 | 200 OK | 916 B |
URL HTTP/2forms.app/static/icons/favicon-16x16.png?v=1 IP104.26.7.145:0
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data Hash7b4d7d6e0968fe900568920543a5876e c7b1a94aaf0641c9dcf02c63c05e1c0fa11a5056 2526f94c6e88105e813d05eca7d7922240669150cb3f4d6a8782615808211ec6
GET /static/icons/favicon-16x16.png?v=1 HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-length: 916
last-modified: Mon, 05 Sep 2022 13:08:34 GMT
etag: "6315f4d2-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6uFhCr9sQCUWLg4sqy5soJ2mwN6qo3tY5ACGAnnSSZGEwTw5nxK%2FzXC37A13FEHBklK48VOEwYQ5ezJRQCmKHSkf7Z59BIrm19DZ3Kqeqy21QxFiy9TdVEoyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ee69dc0b55-OSL
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashe0fbe5627b19e9ad7ad4d40c96514ae9 d9d361271987c5947d96ddacc67efb3f3a32bbd3 48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4215
Expires: Fri, 09 Sep 2022 02:48:25 GMT
Date: Fri, 09 Sep 2022 01:38:10 GMT
Connection: keep-alive
|
|
| file.forms.app/sitefile/WhatsApp.png | 104.26.7.145 | 200 OK | 7.2 kB |
URL HTTP/2file.forms.app/sitefile/WhatsApp.png IP104.26.7.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hash88b462cad9149195df1b4039ed8033af 872742d5e32044fac62c0d524fc20bb2c202b450 b00798e2f374e537ecef0a09129428dcf959ad0a70300813029c606385e53604
GET /sitefile/WhatsApp.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= WhatsApp.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYPPe1bVgUj1GJARzFSiV63AUC4oYuMfVt%2FO7M0AdmKfSFcfuDxZxBD%2BG7nBxMYu4b2LgWzp6Qy51G5bo6BSRa7sSj66VfZn6lcS%2FdKIc%2FWUc5q03ZUOS0cHL5o1%2FWwb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9610b55-OSL
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashe0fbe5627b19e9ad7ad4d40c96514ae9 d9d361271987c5947d96ddacc67efb3f3a32bbd3 48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4215
Expires: Fri, 09 Sep 2022 02:48:25 GMT
Date: Fri, 09 Sep 2022 01:38:10 GMT
Connection: keep-alive
|
|
| my.forms.app/static/js/isvg.cd861.js | 104.26.7.145 | 200 OK | 21 kB |
URL HTTP/2my.forms.app/static/js/isvg.cd861.js IP104.26.7.145:0
File typeASCII text, with very long lines (32491), with no line terminators Hashd85306714b9a22a717c49c00cbb178e4 df00b19dba0d94ac939ebd58aba51197863aec51 a9decc5a8c4178b87f08506452aa7e4f5722770e9e7b50ff1b1d3809fa763a07
GET /static/js/isvg.cd861.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:47 GMT
vary: Accept-Encoding
etag: W/"6315f4df-7eeb"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmirSu%2Bk6QZCjz4WJFxRVJTc8QjnlDwwuxp%2BHidrb8NrSycDluTXbn%2FNRcMNE2aEq5gc9eNFF6M9QN2T8bMp%2BR8JzTfC2ZXPLtcl7Znr4CESBLZP8JQ40nsgyt%2BBSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f750b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg | 34.120.237.76 | 200 OK | 4.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashee9340025af774eed83fa3ae0ebb4b65 b868b62d5f2bc802c565d35ea59e200aaf6ab986 729127258be88fe97e4c777b08ba709900028c41a052b6868cab515e545e8c56
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F134e6c5d-5cc9-4c6a-9a5c-5703f2809918.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4776
x-amzn-requestid: 49312697-395a-4058-8899-0203e69bf26b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDU5jHA_IAMFhkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63179b70-7b17771e456072e87327ff23;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 19:11:44 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -cYK4EezC3z14SwCy_1oIM5MuqfBtoiQAErl-h4t7sT1vajRvoBX1A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:06:24 GMT
age: 12706
etag: "b868b62d5f2bc802c565d35ea59e200aaf6ab986"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/wordpress.png | 104.26.7.145 | 200 OK | 19 kB |
URL HTTP/2file.forms.app/sitefile/wordpress.png IP104.26.7.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hashbedd9c4871731d6e22b01d6835bcaf0e 63fba9de6e92bd1e67cf0988a03adaa141efb166 7efb82412dcd19672f989036a0637d648d9b5c13b7fc2b38b707a03f99d9a341
GET /sitefile/wordpress.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= wordpress.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysbQmPtwqje%2BL3K7MZKInxenfz47ocI3rQx4eyyLFHRRQp1s%2FNHKA3XDnUK%2FnUHvtmyoWeNiaHvpkiEFfvVDa2z7xzb1Q8lA2%2FzmwaZ7pzoq4teDGyzyCnMc%2BC3PTeNY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9630b55-OSL
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg | 34.120.237.76 | 200 OK | 8.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash6b210b0740e1eb42fcbd3aba71ceb8b4 467e3fee064805e08a9e6e3c86b195f6aa68c433 d5ecaf9ae06ff984c86bee5005c534e3c65255e6faeb5c3837fa601740a2c5ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe67ce8-0dbe-46fe-b313-0e2a78618af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: aad6af35-824b-4591-8162-8473da7eb632
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRJcFDgIAMF0-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a623c-0f04a4db25ffcdda1fd66a25;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:44:28 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: _alya3Bv7CfG78-0nR5tDh7FdzDQGo_HVTLMGa8EQ1Dbge62rJXGbA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 45d6a557ecb29942f314e3dd736d817a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:36 GMT
etag: "467e3fee064805e08a9e6e3c86b195f6aa68c433"
content-type: image/jpeg
age: 13954
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash15249f3dafdd1690bc87ebb4fa6d518d f930fcb22325e28592bc39b0b1974f5197c19afd a0b9e88c78e85a037363e0b0e4e03478718f8715fe69e72bfd159922eca28301
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10950
x-amzn-requestid: 435fc2f4-fbcb-4eec-81d8-a23154dcec61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFUwZEfvIAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63186802-2348a4000430702d4e9ea132;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 09:44:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORlM8dFTc_iThvJghFakY86D3ToJ5TCmP8Ip2PcvXCCkSKKHpWQ0Zw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:04:02 GMT
age: 12848
etag: "f930fcb22325e28592bc39b0b1974f5197c19afd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f23cc94-7224-4460-ac1e-e6f178c3e961.jpeg | 34.120.237.76 | 200 OK | 6.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f23cc94-7224-4460-ac1e-e6f178c3e961.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash3e2cb929798304af6df37283057249ad 646332f967868d58c2afa6a268677b3ea717f4f0 d490b6d3c084c92c92f34007b7f254f7d815a16d2442bbb75c8bae437d3565e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f23cc94-7224-4460-ac1e-e6f178c3e961.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6348
x-amzn-requestid: 6b54628a-cdef-4171-af77-eb009325c973
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHDxVHZvoAMFpqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631919a1-40d667983dfd5f417f4ed81b;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 22:22:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GYKU_FU20Je6se1HtcHX8_ISIOYpFnWPTHbJnnIs91pW4hvHHA2sCQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:36 GMT
age: 53708
etag: "646332f967868d58c2afa6a268677b3ea717f4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashcf8614d876156699bdf11897c45e9ae8 ff2c27cf141c68259e6e85020b01efc5d41730a6 c89d6a2fdc789fc725e8bac99774f9f9f0b22000f57d32f5611525bca30002d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6365
x-amzn-requestid: dc414175-8174-4fa8-812b-1f72de48d5f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRBYEt8oAMFmyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6208-1c2417b120725a9a0642620a;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: 8Bvag9DT9hfKBaEhvBZ3UOna0tA_z7uvExg_2VVhd5yHy9BiJAkHbQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:54:52 GMT
age: 13398
etag: "ff2c27cf141c68259e6e85020b01efc5d41730a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/phishing.png | 104.26.7.145 | 200 OK | 5.4 kB |
URL HTTP/2forms.app/assets/img/phishing.png IP104.26.7.145:0
File typeRIFF (little-endian) data, Web/P image\012- data Hash486e845db3badafe650b2488a8051844 b6c53a5fe798d41e3c016d9b6e9587b0aca894c9 13cbd9356bccfd1e91054818c417a05a937a14965dd3ca6a18f4ad9699cd0470
GET /assets/img/phishing.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/webp
content-length: 5380
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=16006
content-disposition: inline; filename="phishing.webp"
vary: Accept
etag: "6319f80c-3e86"
last-modified: Thu, 08 Sep 2022 14:11:24 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HIoxkSF8rp1w5iiJUWb5LNY07zKjY%2BzCkPalbjexYZ6%2B24g3Fmns%2BiSA21QscE9%2Fo3IETLAAb2pr4QTFwddTMhbTX7Y1awtrm9ag4rjBlHO%2Ba87o25qUr%2FN36w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ef6a260b55-OSL
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/airtable.png | 104.26.7.145 | 200 OK | 7.9 kB |
URL HTTP/2file.forms.app/sitefile/airtable.png IP104.26.7.145:0
File typePNG image data, 94 x 94, 8-bit/color RGBA, non-interlaced\012- data Hash19a7c2326b69967597ddb56daf8193cd b776238182c40619a030193004ed72a5cfb353f0 2717fab977ab9f4874181cdc47f0288934a86b0bca62101cff17d230ad85b421
GET /sitefile/airtable.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= airtable.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvvspdN7ABwZMarXbfV5BqIf3nz1iWxbH5k7C%2FVJNLUYEI1yL3zSG9moSRgIc%2BJxbcWGhzSI50iJabEOrw9f2WBXMKFv6I5G8ybqpSosxPorQDH%2Bj3O1OncVf04pqh1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9650b55-OSL
X-Firefox-Spdy: h2
|
|
| bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=08cc775c-9443-4e16-8d7d-030769d4ebc7&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=1&msclkid=N&evt=pageHide | 204.79.197.200 | 204 No Content | 0 B |
URL HTTP/2bat.bing.com/actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=08cc775c-9443-4e16-8d7d-030769d4ebc7&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=1&msclkid=N&evt=pageHide IP204.79.197.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /actionp/0?ti=137024713&tm=gtm002&Ver=2&mid=08cc775c-9443-4e16-8d7d-030769d4ebc7&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=1&msclkid=N&evt=pageHide HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0BB2FCED860465992716EEF78753641A; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE904444945F48818994502F9C6FD119 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
X-Firefox-Spdy: h2
|
|
| certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662687482170&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=1834255315&sess_cookie=7d7f68d41831fe591394b291448&sess_cookie_flag=1&user_cookie=7d7f68d41831fe591394b291448&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US | 54.230.111.107 | 200 OK | 43 B |
URL HTTP/1.1certify.alexametrics.com/atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662687482170&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=1834255315&sess_cookie=7d7f68d41831fe591394b291448&sess_cookie_flag=1&user_cookie=7d7f68d41831fe591394b291448&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US IP54.230.111.107:0
File typeGIF image data, version 89a, 1 x 1\012- data Hash221d8352905f2c38b3cb2bd191d630b0 d804b495cb9b84b9007a25b5d85f9ae674004cde 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /atrk.gif?frame_height=939&frame_width=1280&iframe=0&title=Harmful%20Form%20Detected%20%7C%20forms.app&time=1662687482170&time_zone_offset=0&screen_params=1280x1024x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmy.forms.app%2F&host_url=https%3A%2F%2Fforms.app%2Fphishing&random_number=1834255315&sess_cookie=7d7f68d41831fe591394b291448&sess_cookie_flag=1&user_cookie=7d7f68d41831fe591394b291448&user_cookie_flag=1&dynamic=true&domain=forms.app&account=66ifw1hNdI20fn&jsv=20130128&user_lang=en-US HTTP/1.1
Host: certify.alexametrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 08 Sep 2022 03:28:58 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LJJBYVtaOiBm2glpwBp7INASv59vxqHXYydkYwCH_VCR0JVbopGvOA==
Age: 79753
|
|
| bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=b7c38ef8-896f-448f-8a40-9ae3e04e038a&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=505&pt=1662687481561,,,,,0,0,0,0,0,0,42,234,234,238,501,504,505,,,&pn=0,0&evt=pageLoad&sv=1&rn=889482 | 204.79.197.200 | 204 No Content | 0 B |
URL HTTP/2bat.bing.com/action/0?ti=137024713&tm=gtm002&Ver=2&mid=b7c38ef8-896f-448f-8a40-9ae3e04e038a&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=505&pt=1662687481561,,,,,0,0,0,0,0,0,42,234,234,238,501,504,505,,,&pn=0,0&evt=pageLoad&sv=1&rn=889482 IP204.79.197.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137024713&tm=gtm002&Ver=2&mid=b7c38ef8-896f-448f-8a40-9ae3e04e038a&sid=0a9571402fe011edae933da35c214798&vid=0a955c702fe011ed8cede9886daf40f8&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Harmful%20Form%20Detected%20%7C%20forms.app&kw=form,%20builder,%20formbuilder,%20free%20form%20builder,%20survey&p=https%3A%2F%2Fforms.app%2Fphishing&r=https%3A%2F%2Fmy.forms.app%2F<=505&pt=1662687481561,,,,,0,0,0,0,0,0,42,234,234,238,501,504,505,,,&pn=0,0&evt=pageLoad&sv=1&rn=889482 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=01FE60B8E606671E0A9D72A2E7516665; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F85BADCCD8CB488CACF200A7BEE49DA7 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
X-Firefox-Spdy: h2
|
|
| googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4 | 142.250.74.66 | 200 OK | 1.0 kB |
URL HTTP/2googleads.g.doubleclick.net/pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4 IP142.250.74.66:0
File typeASCII text, with very long lines (2302), with no line terminators Hash783744bfd3d650e24c4a0a2aa1a8c8c1 0eee4fb04180066beca79301aa79923c85b184de c947cbd2e199186721f9c279e29d94e15ef089f4331537ca84d3c27def52270e
GET /pagead/viewthroughconversion/587928374/?random=1662687482186&cv=9&fst=1662687482186&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg970&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fforms.app%2Fphishing&ref=https%3A%2F%2Fmy.forms.app%2F&tiba=Harmful%20Form%20Detected%20%7C%20forms.app&auid=458231517.1662687481&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Sep 2022 01:38:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1035
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Sep-2022 01:53:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.158 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.158:0
Hash37f5817070558e8cd18fc01b1551d016 47c87d7f47faabcd296ec0869a2e27a69f43c7f2 95b2873e657b79f699b0a0d7718acff76ddc1ac3c8dd339fb88ec6e0c0da59fd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 01:38:10 GMT
Last-Modified: Fri, 09 Sep 2022 01:26:01 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WUOG6IIEMiKEC9Tws7u4LDBaQRLYroOmqXgKgfHvO5cHj5u8Olt7sA==
Age: 730
|
|
| bat.bing.com/p/action/137024713.js | 204.79.197.200 | 204 No Content | 0 B |
URL HTTP/2bat.bing.com/p/action/137024713.js IP204.79.197.200:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137024713.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=08C3FD4FCF2663912B31EF55CE71620B; domain=.bing.com; expires=Wed, 04-Oct-2023 01:38:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DEA806FBF98042B394AB1F9D59AD9A78 Ref B: OSL30EDGE0306 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
X-Firefox-Spdy: h2
|
|
| px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing | 13.107.42.14 | 302 Found | 0 B |
URL HTTP/2px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing IP13.107.42.14:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJciDWMKxIBdwAAAYMf5bMWRfnA4AZjzZ6zR9MZQav0j3m0xRwCWlG3MrrdQE5upsBMtk8kSzxsxg; Max-Age=2592000; Expires=Sun, 09 Oct 2022 01:38:10 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIlNWnCBM3ZFQAAAYMf5bMWVmcXdElskS5WM8K2DDc-YSfihrIu5BOEAfEnGR1MmmLU_1-TuaPOFppWetoOfg; Max-Age=2592000; Expires=Sun, 09 Oct 2022 01:38:10 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&62812373-74ea-4ca2-8534-1fc5400a0dc1"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Sep-2023 01:38:10 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2341:u=1:x=1:i=1662687490:t=1662773890:v=2:sig=AQF-gDV81p6IJRHGILygQEBF4uNE7V-Y"; Expires=Sat, 10 Sep 2022 01:38:10 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoNJlDbsjn76ZqkFPhIQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9DA4366ACF7A457183BB613C9C45EBBA Ref B: OSL30EDGE0318 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue | 13.107.42.14 | 302 Found | 0 B |
URL HTTP/2www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue IP13.107.42.14:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3845852%26time%3D1662687482204%26url%3Dhttps%253A%252F%252Fforms.app%252Fphishing%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&7748853f-6961-44bf-8978-42a6c685d831"; Domain=.linkedin.com; Expires=Sat, 09-Sep-2023 01:38:10 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220909013810b4743958-bff8-4e9c-8eae-17b543d3257eAQFu11tVXt3jqOuLgsgjdzpUt7WV8FA3"; Domain=.www.linkedin.com; Expires=Sat, 09-Sep-2023 01:38:10 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI2ODc0OTA7MjswMjH+MmyYq9sjQFStI0d3rlvGzKxenH/rG0O3SLHNpTNKTg==; Domain=.linkedin.com; Expires=Wed, 08 Mar 2023 01:38:10 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2379:u=1:x=1:i=1662687491:t=1662773891:v=2:sig=AQErOLq7VWlkr5Ou1gYOZYPbcsahvWie"; Expires=Sat, 10 Sep 2022 01:38:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoNJlF1zBZvVI+P72W3A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4EE12E085E1646CE97F32A452E7A4CEF Ref B: OSL30EDGE0318 Ref C: 2022-09-09T01:38:10Z
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png | 54.191.95.119 | 204 No Content | 0 B |
URL HTTP/2redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png IP54.191.95.119:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x.png HTTP/1.1
Host: redirect.prod.experiment.routing.cloudfront.aws.a2z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Sep 2022 01:38:11 GMT
server: Server
X-Firefox-Spdy: h2
|
|
| px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true | 13.107.42.14 | 200 OK | 0 B |
URL HTTP/2px.ads.linkedin.com/collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true IP13.107.42.14:0 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3845852&time=1662687482204&url=https%3A%2F%2Fforms.app%2Fphishing&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&5907efe7-bd8f-4891-8824-1069c5420fcf"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Sep-2023 01:38:11 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2379:u=1:x=1:i=1662687491:t=1662773891:v=2:sig=AQErOLq7VWlkr5Ou1gYOZYPbcsahvWie"; Expires=Sat, 10 Sep 2022 01:38:11 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoNJlHxGK30i9uNyWVeQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DA83D4F2B1734A758E5033DF557F89FA Ref B: OSL30EDGE0318 Ref C: 2022-09-09T01:38:11Z
date: Fri, 09 Sep 2022 01:38:10 GMT
content-length: 0
X-Firefox-Spdy: h2
|
|
| www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662687483034&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662687483033.2116538860&it=1662687482202&coo=false&tm=1&rqm=GET | 31.13.72.36 | 200 OK | 44 B |
URL HTTP/2www.facebook.com/tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662687483034&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662687483033.2116538860&it=1662687482202&coo=false&tm=1&rqm=GET IP31.13.72.36:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashb798f4ce7359fd815df4bdf76503b295 f8cc6addf1707ad236ad9970b0a48f9733d07da5 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=175163836725648&ev=PageView&dl=https%3A%2F%2Fforms.app%2Fphishing&rl=https%3A%2F%2Fmy.forms.app%2F&if=false&ts=1662687483034&sw=1280&sh=1024&v=2.9.79&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662687483033.2116538860&it=1662687482202&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Fri, 09 Sep 2022 01:38:11 GMT
expires: Fri, 09 Sep 2022 01:38:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| widget.intercom.io/widget/tt7hkkgs | 54.230.111.86 | 302 Found | 0 B |
URL HTTP/2widget.intercom.io/widget/tt7hkkgs IP54.230.111.86:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /widget/tt7hkkgs HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
location: https://js.intercomcdn.com/shim.latest.js
date: Tue, 31 May 2022 12:39:23 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yk6uD5rEBy3eKorhqNFsNNrxrjyL99JSEVZPrUeu8W7HLJwJ_-a7Yw==
age: 8686729
X-Firefox-Spdy: h2
|
|
| js-agent.newrelic.com/nr-spa-1216.min.js | 151.101.86.137 | 200 OK | 18 kB |
URL HTTP/2js-agent.newrelic.com/nr-spa-1216.min.js IP151.101.86.137:0
File typeASCII text, with very long lines (32010) Hash6561a2403142205f966207d61576f1a6 1310e72f494e12ab63a4280fc1600a2c89dc9bb8 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 01:38:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 656
x-timer: S1662687491.345447,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
|
|
| js.intercomcdn.com/shim.latest.js | 54.230.111.84 | 200 OK | 6.2 kB |
URL HTTP/2js.intercomcdn.com/shim.latest.js IP54.230.111.84:0
File typeUnicode text, UTF-8 text, with very long lines (18920), with no line terminators Hash9064982aa7fa6e4296affd2690e62e8b 35622827e3064715e58e44d13c174a58dfde7789 d1a60129296b67992e221c87ac0d304c61cb7d756a52e61cd5453b78b90a58da
GET /shim.latest.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forms.app/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6174
last-modified: Thu, 08 Sep 2022 17:16:40 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: Hs5P5S6o93zS8sxpJQedNqzMk0dSWgk5
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 01:36:56 GMT
cache-control: max-age=300, s-maxage=300, public
etag: "9064982aa7fa6e4296affd2690e62e8b"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ltgE2J5tGuytJdda7-d2Eu2FWnR9TOnBBzoqzBOvdzexv6sr2iwPxA==
age: 76
X-Firefox-Spdy: h2
|
|
| js.intercomcdn.com/frame.a6d4847e.js | 54.230.111.84 | 200 OK | 126 kB |
URL HTTP/2js.intercomcdn.com/frame.a6d4847e.js IP54.230.111.84:0
File typeASCII text, with very long lines (65536), with no line terminators Size126 kB (126266 bytes) Hash7f2332d34c04cfdc7b1d28ee95257c23 8e6f48fe17c74bee9cd371a62e4e56ce6ca1fc61 336cce69ffa60a9750bb95c5198a87e5bf0d2792154b9c0c3593b99c236b4e6b
GET /frame.a6d4847e.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 126266
last-modified: Thu, 08 Sep 2022 17:15:16 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: 89vVFVEH72G3bm3KxXOHH5Vz4KF0Gbrt
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 01:16:53 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "7f2332d34c04cfdc7b1d28ee95257c23"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uh607u4_AOVBpXB4Mtx1_hrQOeXIXn5XZAja2o0zHT0VKdc-Rn2QUw==
age: 1283
X-Firefox-Spdy: h2
|
|
| bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken | 185.221.85.4 | 200 OK | 77 B |
URL HTTP/1.1bam.eu01.nr-data.net/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken IP185.221.85.4:0 ASN#206998 New Relic International Limited
File typeASCII text, with no line terminators Hashf1442f5831dbbe0210da2d7a4180d6b8 2ade23c6c7a001c66f0c0a9a101ec152747b434e c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1601&ck=1&ref=https://forms.app/phishing&be=271&fe=1522&dc=505&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662687481561,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:42,%22rp%22:234,%22rpe%22:234,%22dl%22:238,%22di%22:501,%22ds%22:504,%22de%22:505,%22dc%22:1521,%22l%22:1521,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fcp=362&jsonp=NREUM.setToken HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 01:38:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 747c33f5a9cd991b-ARN
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=952e96f7bef88f8b; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W86R0MA84DR0JFD1pljDbM2zxtK5OE%2F7rplEdasGq83BxoQXJGCzlgMd5JF9RrGGrezXLyku3A3Bh%2BHpBIC99ixP1jx503KjGP8%2BpjFqjEH%2BaiECwZg6Q4PHW1t7RMTGWjnzDizv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
|
|
| bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2532&ck=1&ref=https://forms.app/phishing | 185.221.85.4 | 200 OK | 24 B |
URL HTTP/1.1bam.eu01.nr-data.net/events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2532&ck=1&ref=https://forms.app/phishing IP185.221.85.4:0 ASN#206998 New Relic International Limited
File typeGIF image data, version 89a, 1 x 1\012- data Hashbc32ed98d624acb4008f986349a20d26 2d3df8c11d2168ce2c27e0937421d11d85016361 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-580814bddd7fd407f24?a=286479549&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=2532&ck=1&ref=https://forms.app/phishing HTTP/1.1
Host: bam.eu01.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 275
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 01:38:12 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 747c33faec87991b-ARN
Access-Control-Allow-Origin: https://forms.app
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-envoy-upstream-service-time: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zEvgKc8linX3RvNPJh4yhSgCFaSzNv%2FKRXkhqOPosoHLhlyTXHeXlODC%2FBc2bz%2Bw0P0IgosUOWNnHOYvdIEOkpDZhAwas0qnNrfKzryFAMCADXc80Tb%2FkdRvQICEm449jufI2MOZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
|
|
| forms.app/assets/img/formsapp-logo.png | 104.26.7.145 | 200 OK | 3.5 kB |
URL HTTP/2forms.app/assets/img/formsapp-logo.png IP104.26.7.145:0
File typePNG image data, 400 x 87, 8-bit colormap, non-interlaced\012- data Hasha77f4c80bac841f7d3d2aa02372b8861 840d40fc6bdfbddff8e5d917ef5b669d8c4543a2 84b597803bfe471883e8b519902994881ee7c85066fa09a5c01cf3a30bb645be
GET /assets/img/formsapp-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 3548
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
etag: "6319f872-ddc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXN%2B7Iyg7F1jRWkF7Zh40huuPHz27LKlDKloXpgm4r%2B%2BVRW5GyflRmiFaYeknjUA7kBX1OlsKY50%2Bjj8mPQWCOf7XBorIwvRjmGx5FJCSNVNPhOkVYiW0dSY0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fbdf0d0b55-OSL
X-Firefox-Spdy: h2
|
|
| nexus-websocket-a.intercom.io/pubsub/5-N4m6cpK5TDE1GuicNu2Adg7F0N4RCNSJQrCQeksERtLeg5Ly2TQyuye2WnZfpqA5bzv6Vn5sz8HdaC7cDgmiX4cKMJS39EkkdNoP?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined | 35.174.127.31 | 101 Switching Protocols | 0 B |
URL HTTP/1.1nexus-websocket-a.intercom.io/pubsub/5-N4m6cpK5TDE1GuicNu2Adg7F0N4RCNSJQrCQeksERtLeg5Ly2TQyuye2WnZfpqA5bzv6Vn5sz8HdaC7cDgmiX4cKMJS39EkkdNoP?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined IP35.174.127.31:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pubsub/5-N4m6cpK5TDE1GuicNu2Adg7F0N4RCNSJQrCQeksERtLeg5Ly2TQyuye2WnZfpqA5bzv6Vn5sz8HdaC7cDgmiX4cKMJS39EkkdNoP?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://forms.app
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lznm74b55UpsxB+eBnl0iQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Fri, 09 Sep 2022 01:38:12 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FvyOUuakANRLJMJ2WTWKL232zfc=
|
|
| forms.app/assets/img/google-play-logo.png | 104.26.7.145 | 200 OK | 7.6 kB |
URL HTTP/2forms.app/assets/img/google-play-logo.png IP104.26.7.145:0
File typePNG image data, 191 x 66, 8-bit/color RGBA, non-interlaced\012- data Hashb30b4bd0775acd1e172ed059d1151d4d 70d96852cfae2fdc113342e3bf46cc4ebe706815 cfa2f26c04145c802b0c48f005e7a59e842e92fc60687aac81862bd942a7511b
GET /assets/img/google-play-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 7621
last-modified: Thu, 08 Sep 2022 14:09:43 GMT
etag: "6319f7a7-1dc5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrHNX8GoCVya7LxRAR6k21Pbs1%2F%2BY294DhoFJfvoZdafjQq1Fn47rBNoVeYVjoPKDRFwP2bdwB4SscFyHflQp0Z1Umn%2BsAVCGx6d0s2DCN%2FLq3mF6UUIIaakEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fd6faf0b55-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/huawei-app.png | 104.26.7.145 | 200 OK | 7.4 kB |
URL HTTP/2forms.app/assets/img/huawei-app.png IP104.26.7.145:0
File typePNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data Hash86c2e696aa2528b2cb3589897ba4bfb7 598e89de6512720a92e4e94a538e2eb64d746229 eb15b14eae843ae5db180d6b8fa18e1252b5d258e5d19b2712afd48fb786f6a6
GET /assets/img/huawei-app.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 7360
last-modified: Thu, 08 Sep 2022 14:13:54 GMT
etag: "6319f8a2-1cc0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mdrw%2Bth0vRGOVMSC7%2BO7i217zlYecweqQFSIBNW1f4e%2Bm66vycf%2Fo7RAraoLQDZHLkLpNCCpMHYADhIc1E%2Fwd3BGLTl0fHD9JPrOO3E%2FgfKuLEVvqq0rx63gaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fd6fb00b55-OSL
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/app-store-logo.png | 104.26.7.145 | 200 OK | 7.6 kB |
URL HTTP/2forms.app/assets/img/app-store-logo.png IP104.26.7.145:0
File typePNG image data, 189 x 66, 8-bit/color RGBA, non-interlaced\012- data Hash02b87ac5a0d67d23008ed83695705c23 1e1649692ad918f9e7ff2be33a1d9c4add4c9cd5 a2d3569c828c15edec118217fe8378eead86687cd266aa2c3d44fc3466874736
GET /assets/img/app-store-logo.png HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: image/png
content-length: 7634
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
etag: "6319f841-1dd2"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIcKCycfIBh9lD0jWgHwiqggh%2BZjIMJW2QB37DO0%2FDHIt6I%2FlBRjBTERXhMkI7R8k0in0i3qe3tJeqBw1%2BBX4VXFV0aQv54%2B3Oys08YZPM4eOgbLp4VSXy4%2FiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33fe2fe80b55-OSL
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/iicon.8278c.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/iicon.8278c.css IP104.26.7.145:0
GET /static/css/iicon.8278c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-23e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2buhHpuP3dxuIjhmual7Lyzgxe3%2Bck8sZNOm6Wf5xc%2FxaqjY4OSoKYR8vPZZKWMauLdmxDn4Xlckr49hoaT4gKh%2F6krz8gD8%2BjFP1vblS2atqVXGJB7BWoCAacSNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee3a0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/cdn-cgi/rum? | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/cdn-cgi/rum? IP104.26.7.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 384
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: text/plain
access-control-allow-origin: https://my.forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 747c33eca94b0b55-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/templates-resources.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/assets/img/templates-resources.svg IP104.26.7.145:0
GET /assets/img/templates-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
vary: Accept-Encoding
etag: W/"6319f872-30e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frb48mUjd0NfX0%2F2PIWOdW5CC0ltFpgHrH5mtH05AOYgr2DvfdfYbE4D4kEQDOEivoh590jdsir9O7qEqXg3AgQuKFrm8cZY7TLNIrXCHdAW14tymTiTHCM84Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96b0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/js/lazysizes.min.12809749.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/assets/js/lazysizes.min.12809749.js IP104.26.7.145:0
GET /assets/js/lazysizes.min.12809749.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 14:10:33 GMT
vary: Accept-Encoding
etag: W/"6319f7d9-1c15"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s93rmp9cvdgGkx6jbhFgQKJn6e5%2FSNZ2PUBPsiweErjUJ2BapF04IutNv8%2B3TW8VPZaia2njB%2FqerEUGFaiZtXrrOJlnQ25Rd%2FK2RSdIwI6p7p2cL%2BMenb163g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed197f0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| accounts.google.com/gsi/client | 216.58.207.237 | 200 OK | 0 B |
URL HTTP/2accounts.google.com/gsi/client IP216.58.207.237:0
GET /gsi/client HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
expires: Fri, 09 Sep 2022 01:38:10 GMT
date: Fri, 09 Sep 2022 01:38:10 GMT
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-8CnaHDxK98M-E2jWn0AWcg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/asyncstyles.4869d.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/asyncstyles.4869d.css IP104.26.7.145:0
GET /static/css/asyncstyles.4869d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-2555"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5b6MxYSodeGEYw3kV%2FlUboTbMXlquw3k1e1%2B46pfD9ABa5Msd5I3uKHLzN3j6wdCu0Zp1mOZl%2BriIuMHIQFBi%2B0rYSL0aNVxmZCl3K1DslvIJzDP%2B2fUvUWtV3odA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3de370b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/excel%20copy.png | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2file.forms.app/sitefile/excel%20copy.png IP104.26.7.145:0
GET /sitefile/excel%20copy.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= excel copy.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sR56hE6Y%2BKUZwrSP5ykTPA2C0IZXo3tJ9MS6okkvTPIwEco7pgt0lOUHYxkboft6jXV1qPX26oEhHN9I6RY8qje%2B0OIxwrxL8SYZUYpWE4C5kAuRq85lwtBN7Rin3xZ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9620b55-OSL
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/dcomponents.15d95.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/dcomponents.15d95.js IP104.26.7.145:0
GET /static/js/dcomponents.15d95.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:38 GMT
vary: Accept-Encoding
etag: W/"6315f4d6-2798"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFDoIABKdcgZl6y6rcgYNkQzW49E%2FcLNMKl2CyhLaX8tvbXAqqqkGVvXbzhBYV%2BXuxuvwp%2BiVgsRXoAuj4QZgQsx8%2FUrSFHXOnLyvBMXBuMvqH4wY4jjOO3kJ6Rzhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee3e0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/iicon.bcebb.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/iicon.bcebb.js IP104.26.7.145:0
GET /static/js/iicon.bcebb.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:02 GMT
vary: Accept-Encoding
etag: W/"6315f4b2-2fe9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9zMijbqKaDFXP76YCVz2rek2Sy4z6D4f6KnTZUxdcY0pzs0BgT0TyOZ8X45RJWUmOJWKzQAL1jXC4fsOEKEB1xsZoOCST6LumncEiePpq4UgKw%2B3sg6dIajgsF7pA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee420b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js IP104.26.7.145:0
GET /static/js/vendors~FormView~LocalForm~webfontloader.3a8b0.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:31 GMT
vary: Accept-Encoding
etag: W/"6315f4cf-2f93"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9z0aGgR%2BnRBjh%2BYwxQUCPvcbleKJwsoeFxSD5sDiRHdwWSJtyZQT68Xw84drkg5SenTunOedoMJpDRmAQbQy8Kq8fUvmxang42Qy76bEDWd39bq%2FgYAJoUSTWCeGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef550b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js IP104.26.7.145:0
GET /static/js/FormBuilder~FormDesign~FormTemplate~FormView~LocalForm.4854d.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:31 GMT
vary: Accept-Encoding
etag: W/"6315f4cf-114"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bvzc5GSuYZFmAyDvCJS%2Bn0ENCQywGW%2F7%2BA75AlMz8G89E90geQu%2B3GJNizL%2F6RI88Y%2BKmBcxAIUhlviW0sDlavsK29NeIb2swjjfIAfhlfRzPzBwFGzXJQbiiuoV0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f680b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/cdn-cgi/rum? | 104.26.7.145 | 200 OK | 0 B |
IP104.26.7.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 412
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687488.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860; intercom-id-tt7hkkgs=d89c5e35-5410-4539-85f9-5059323fe7c4; intercom-session-tt7hkkgs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:17 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 747c341989370b55-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/runtime~app.1ad07.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/runtime~app.1ad07.js IP104.26.7.145:0
GET /static/js/runtime~app.1ad07.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:16 GMT
vary: Accept-Encoding
etag: W/"6315f4c0-5fda"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qveQUo1ZXs1xRd8q3mHuL4L%2Bk%2B79KA4AsWNtn4GqJ4B4keoRicLS74LWSwEsJviUP9WeRQOWCCC5Nr%2BFI8vHMdx2ObwLbsp37d%2BkE2jvgIr%2BKa2VY42tkCea8QIZnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee440b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/phishing | 104.26.7.145 | 200 OK | 0 B |
IP104.26.7.145:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /phishing HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 14:11:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2B3xAM3pgPqwKTFBwgcD4K0BTAb2gakqFQA190xQLgoGWVCgClG99VV86RrzEXrrgIc7cS7S6T29Ay0EP52WFxzSQlHSXub0XPRmf%2FXiPYR8J2GCFgkOgQ1jcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb58cc0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/logo-home.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/assets/img/logo-home.svg IP104.26.7.145:0
GET /assets/img/logo-home.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:12:17 GMT
vary: Accept-Encoding
etag: W/"6319f841-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDQKKGNrsu7qLTeNNSpZd%2F0%2BVKcx7Y8jZDpF23KXydRR7Hrtt8r%2FO8AWJpy%2BYcPOUlhaQEAkiVdFWE%2FScepIQ4rX%2FqyCbdAoj4C%2FcJk0AVDqz%2FdpNl8DRYyArw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecd9580b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/blog-resources.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/assets/img/blog-resources.svg IP104.26.7.145:0
GET /assets/img/blog-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:09:43 GMT
vary: Accept-Encoding
etag: W/"6319f7a7-301"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lTeLPPB4v5vLW%2FBUGAELIhISkYoHxgSmqDQtJd3eUo0YU4uw7iE3dvc5WDvc3gYi%2FxYSNfcoWsbl94bLgttdecmB7pJv0TSGGs7WR3s%2F45uP0RYj70ROhhfOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf9690b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/js/login.fb59ba75.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/assets/js/login.fb59ba75.js IP104.26.7.145:0
GET /assets/js/login.fb59ba75.js HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 14:10:33 GMT
vary: Accept-Encoding
etag: W/"6319f7d9-1a91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DFU7Pubkwvg1GZdFtRsqXIuYDbkfKcKEP2L6NjzqYXDUUYIV%2B7tuB3HnRAbwQ0WGu2SdiBNVUVRORtBrp%2Fl7%2BX5Nmc3eylrisPlf3HIUZe3quaGdi0K9hoC7Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed09790b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| js.intercomcdn.com/vendor.db1f5016.js | 54.230.111.84 | 200 OK | 0 B |
URL HTTP/2js.intercomcdn.com/vendor.db1f5016.js IP54.230.111.84:0
GET /vendor.db1f5016.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 103230
last-modified: Thu, 08 Sep 2022 16:19:52 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: CNo1uRhDSh4dT1NQhrW_GtXzTq3WlLQx
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 00:21:24 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "419225bddbaa8f495860fdd6b21c2a5c"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y_ss4kv8WQVzR04FNbo2vN-gp2TzI_fSBNE0KTFDsvAd7DUn7wvzWg==
age: 4609
X-Firefox-Spdy: h2
|
|
| my.forms.app/form/629b6312bd94a175bb849970 | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/form/629b6312bd94a175bb849970 IP104.26.7.145:0
Analyzer | Verdict | Alert | fortinet | Phishing | |
GET /form/629b6312bd94a175bb849970 HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=akukP0mjunlvtT6wP6C1Hs3Wu9FQ8bDtiewO4jHxBzXKAGn5OBAq%2BAdYMmWLUyV96nIp%2F3SVW%2FiKLmX1hIk5flHaA%2B3CNOUrVOivGiyBUqTzYAF6zW%2B0sUOGiL7rtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e20d7c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/app.d858d.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/app.d858d.css IP104.26.7.145:0
GET /static/css/app.d858d.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:36 GMT
vary: Accept-Encoding
etag: W/"6315f4d4-107d0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BU1iFZjSC%2BGAgypHUTp4dVvOt122z5Ileunv60CMQ9CgX3P3fi008Rz%2FhwuYpXwcLBBZ9f9wOQmuNDllPDLZvLukecSafE5tFc8ap6K4B%2FpQMkWmjrGp3EouX8Q30A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3de350b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js IP104.26.7.145:0
GET /static/js/FormBuilder~FormDesign~FormView~LocalForm.56a06.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:22 GMT
vary: Accept-Encoding
etag: W/"6315f4c6-d1ec"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ad825KoBgCS44U9hSwUBShxe0iTX0V9QuCNbnKn2lSxvhhKeLvNd4iDsZwPw2wELZA8FbnuoDBOFDRU0Zf9XMNCwn12qa5TXVaHMBgQDGzuHiVeE5618S7E5ppml3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f6c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/swal.4f135.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/swal.4f135.js IP104.26.7.145:0
GET /static/js/swal.4f135.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:29 GMT
vary: Accept-Encoding
etag: W/"6315f4cd-12468"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=He%2BCjDCGVJFodSFPt9bebqTsnIteTciy24zbjAup7r%2F9zV5XasAUe6y6LaTaqccoZmLqiK9UBUpAeaGI0YoM%2FNRcKMhjpqIVYj6z1s%2FvRvNGCY%2F4OsrBkdGNa%2Fpwow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef5b0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/apple.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/static/img/use/svg/apple.svg IP104.26.7.145:0
GET /static/img/use/svg/apple.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-412"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbGn2RMGq7jjxMp1Zn%2F33JsWg0EAGmn6UYebPm9%2B4TkNu%2B9kSxodQYo4yEBKyHd1DFkb3jVOvnejNX47XPWECqvzoyLv7JSynzULjYQUxPfRbwFhrF3aG52r2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf9700b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| api-iam.intercom.io/messenger/web/ping | 75.2.88.188 | 200 OK | 0 B |
URL HTTP/2api-iam.intercom.io/messenger/web/ping IP75.2.88.188:0
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:12 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1662687500
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13332
access-control-allow-origin: https://forms.app
vary: Accept,Accept-Encoding
x-intercom-version: 05d9cad82336b8f9259b87b30e14811c7a641d03
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0008lf3bvh0jsf2j8dd0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"c44956fda0831a9a31388c8767efbf4b"
x-runtime: 0.329324
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0359a879b27fffa05
X-Firefox-Spdy: h2
|
|
| static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 | 104.18.47.230 | 200 OK | 0 B |
URL HTTP/2static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP104.18.47.230:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 747c33e40cf9b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css IP104.26.7.145:0
GET /static/css/FormBuilder~FormView~SharedReport~shareform~shareresult.a750c.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-3e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pp6QZE2QaIFg2jMukYx%2B9vGNPCDmnqo71CsJuiEq9bGSffHUNDyhEcOGGAUBwnVqte4cZVC0zXdCCtrLdNyranzYhvtCxm7%2FROZDb4c1fvhzm7iHjTs2oZvtN6VtCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f660b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/FormBuilder~FormDesign~FormView.4a69f.js IP104.26.7.145:0
GET /static/js/FormBuilder~FormDesign~FormView.4a69f.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:37 GMT
vary: Accept-Encoding
etag: W/"6315f4d5-204c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykZJI1iPDbtS554hm6TMUtVCbv5Jejo4qkFaujOaHwKpPZIkXd5VdWeUWA2PycILi38dUdFcxzqN0sG1Vs3vRDS56PxtTRvAnxDERhkutQyJAyf%2Fldg%2BKwHWLo3G3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f700b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/FormView.2e202.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/FormView.2e202.css IP104.26.7.145:0
GET /static/css/FormView.2e202.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-1f1e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27Nx76Ztcp3P%2FppSfLUuvHWh9V5NeVf0kj7iKoTPwmcjxiImHZneMmMCWUv%2FC1h1ClqnMIby6NrzqrSMJQrospicZfo8cSd4K4LWVpkIivOVRGeY4KFJF7HRc4WPaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f720b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/icons.2b7bf.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/icons.2b7bf.js IP104.26.7.145:0
GET /static/js/icons.2b7bf.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:44 GMT
vary: Accept-Encoding
etag: W/"6315f4dc-360f1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FJ14bD3VGkweqBT3pMVMlMrEjCKZD9rRCFsd77Onb56082wQYthkNYttDmcNFD098uKdvtGOpJjuWsGETSiZwlayz9MbsApSlxQHhtKZbeNHAoASnNdmJiufgETVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb88fb0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| api.forms.app/user/gettimezonefromutc | 104.26.6.145 | 200 OK | 0 B |
URL HTTP/2api.forms.app/user/gettimezonefromutc IP104.26.6.145:0
POST /user/gettimezonefromutc HTTP/1.1
Host: api.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Authorization: none
Content-Length: 21
Origin: https://my.forms.app
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-custom-header: web1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDSz%2BvSHbv4KSo%2BRLgv49%2FrkiunnhuS39vlLPZcpheYOgxxua6dXHlQGcccrPUPPpBN2ueAzici2VFEKLCBxAyUmPMVpJ6mGuupdWz9PaumYuu9AFHlQEOSJB5Cm0WU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e86ba5b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js IP104.26.7.145:0
GET /static/js/FormBuilder~FormView~SharedReport~shareform~shareresult.c42fe.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:39 GMT
vary: Accept-Encoding
etag: W/"6315f4d7-b07"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHpHcLzw%2Fz7ywIx%2Brc6x%2FRGqjLQsRNxIAcihtLezpJKS2VbmSHaj%2B5zX0X2vX8cUjyo1YcVZxgqEwzNpYpG%2FhzV5aXIWCIaKfUV%2BVuQ9nJPhGxViD6TbblpBMZwLHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e70f670b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/img/logo-home.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/img/logo-home.svg IP104.26.7.145:0
GET /static/img/logo-home.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-23c3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZmGduanxhWGIqIL4hgELNjqe8%2FUICNxH6y%2B84pHKFKopE%2B9%2FUojS3CcEUJPXh6NhEDYx8pA8yTR3w1IYOOwd5zln17vefM0xJkiqnPkCfT43An9NZVHzIrJ3trgbYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33eb68d70b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/img/formsapp-logo.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/img/formsapp-logo.svg IP104.26.7.145:0
GET /static/img/formsapp-logo.svg HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:35 GMT
vary: Accept-Encoding
etag: W/"6315f4d3-20f0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jxxwuz%2F0oXZ1rrjnaFWGp1EemdHRDmelpCs5YR%2F5qJEbu2O7DSfRSw6zvzNXRkX5anWP8P5rMxjEMiupzLsAwjLaZUcWSHlMG13sGscNNDtWu%2BbHucqPtp3n0CdGUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e88fee0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/facebook.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/static/img/use/svg/facebook.svg IP104.26.7.145:0
GET /static/img/use/svg/facebook.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:12 GMT
vary: Accept-Encoding
etag: W/"6315f4bc-388"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzu45PTrTd8IBVY9tsuBCKyDic5%2BbAwFXrjnMs45b5%2BoeZONVZeN5i9mEBZjNeJUg4TnXEIHOVss3%2Blk%2FMRnt3kh%2BEMSK%2B3RI6Sof6lw%2FZSWdqbQS8y4gaL3%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96f0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/vuegtm.3359a.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/vuegtm.3359a.js IP104.26.7.145:0
GET /static/js/vuegtm.3359a.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:14 GMT
vary: Accept-Encoding
etag: W/"6315f4be-2730"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0bzCdntTMXw1U7qRpzeGrLdGIkG4RXPRnYB%2FJl4BObx8Kzx%2FwtlABveHeTsushcWIhfXNwrgR6x97t60sjueBgEBhEKyDuetxasKj2uw%2BhAr%2Fxwg5qW2Ve6NwFnfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e6ef5c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/mainheader.c3247.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/mainheader.c3247.css IP104.26.7.145:0
GET /static/css/mainheader.c3247.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:42 GMT
vary: Accept-Encoding
etag: W/"6315f4da-1405"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JZQO1gMfsM81zL2kFsgm1w9rWCSR%2FX%2BfyP7X6pXB4Su7ee%2BtYnEwuIAOQ2JW4lxIau8td7xlQKgYXhjI1jU%2FYy%2BbGrSZmEX44rbo3fTYXZSC7oYR6llidf5Y85cdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e72f7c0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/carousel.e5ce5.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/carousel.e5ce5.js IP104.26.7.145:0
GET /static/js/carousel.e5ce5.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:16 GMT
vary: Accept-Encoding
etag: W/"6315f4c0-4a64"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jr8DCs%2B2%2Bkw4JEns1xyc6HZps31E%2Bv8O5xpimbznzJKSJh6rITC6EhvDf8zporwwt24c5hi%2FWjS9ELTnq46da1Yfym%2FvprZlfDeDqREq85FDs3n0EHoVHQwiAJF%2BFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e87feb0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/envelope.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/static/img/use/svg/envelope.svg IP104.26.7.145:0
GET /static/img/use/svg/envelope.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:19 GMT
vary: Accept-Encoding
etag: W/"6315f4c3-2c6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3rU6pUwskJanYRtY0RvcInVUV09lsbKG7XG1MUrWXh5GYMXuo79CjQYq1olwqlTi%2FjJhSdo47%2FxLLSt2fSSXVUKZLdopsYYevQ8i4BMpirvzHyfeqDeUojDPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ed09780b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/cdn-cgi/rum? | 104.26.7.145 | 200 OK | 0 B |
IP104.26.7.145:0
POST /cdn-cgi/rum? HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI4ODU3MzIiLCJhcCI6IjI4NjQ3OTU0OSIsImlkIjoiZGQzYzYzZTZjN2ZjNzczNyIsInRyIjoiMDc2ZTU4MGUxMGZmMWMwYTdmMjIzZmJiYTk3NGFjZDEiLCJ0aSI6MTY2MjY4NzQ4MzA5OH19
traceparent: 00-076e580e10ff1c0a7f223fbba974acd1-dd3c63e6c7fc7737-01
tracestate: 2885732@nr=0-1-2885732-286479549-dd3c63e6c7fc7737----1662687483098
content-type: application/json
Content-Length: 15674
Origin: https://forms.app
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.1.1662687482.0.0.0; _ga=GA1.1.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; __asc=7d7f68d41831fe591394b291448; __auc=7d7f68d41831fe591394b291448; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8; _fbp=fb.1.1662687483033.2116538860
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:11 GMT
content-type: text/plain
access-control-allow-origin: https://forms.app
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 747c33f4abf70b55-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/dcomponents.2f40b.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/dcomponents.2f40b.css IP104.26.7.145:0
GET /static/css/dcomponents.2f40b.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-194c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wti%2Bd6eLY2uTtRj6pSqk7AZGR1Jc8rMdQLymqxKUKjdk8rynJkxKmo22Z6h36zSn1an2wKZ1vKzFJrZM5KSWtAzXYoFpPZW1QYpCfoPRc6lcKWJjwDDPAnfSFiof1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee390b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c | 142.250.74.72 | 200 OK | 0 B |
URL HTTP/2www.googletagmanager.com/gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c IP142.250.74.72:0
GET /gtag/js?id=G-740JKHV4FZ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Sep 2022 01:38:08 GMT
expires: Fri, 09 Sep 2022 01:38:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76587
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/js/vendor.523c4.js | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/js/vendor.523c4.js IP104.26.7.145:0
GET /static/js/vendor.523c4.js HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 13:08:15 GMT
vary: Accept-Encoding
etag: W/"6315f4bf-5e95c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1wXWhJCY4iNZiUrTBc2xmHtRltCi3VEOWC1hhD5bWh9PhT%2F8E9CddB0n51Y%2FM4NCjmOvjIyyHUJNR5CWjBb55qE%2FrkdcjjMQjBejGLEdeQJCOJeEFh0hHrYbPQFIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e3ee430b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/assets/img/help-resources.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/assets/img/help-resources.svg IP104.26.7.145:0
GET /assets/img/help-resources.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 14:13:06 GMT
vary: Accept-Encoding
etag: W/"6319f872-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RMa%2Btxznz4nmc57B%2BEGo2GiMSPzjmlzHErk6%2Bt7vMTP3WRG0Ppt3ys0gXbW1%2FuROonEhGYt%2F5eQEY09H8j8IEE8dZtuQ1Vkfyu4TPXDt%2BwxGFOpvbcRv%2Blrh5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96a0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css IP104.26.7.145:0
GET /static/css/Account-PaymentHistory~mainheader~upgradepopup.61ec5.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:20 GMT
vary: Accept-Encoding
etag: W/"6315f4c4-4b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6QF2ygDlPkZu%2FgsxBAR6vsYHlZiHegZ%2B91Bikxg1YpW882hJ5tzoIfT%2FqvTJOtTpuFwkWRC00ElHTI1bgh971OQGiMoffdf3mROTs55NPIUP%2BSyqAUVJTxqLPiA0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e71f760b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.forms.app/static/css/carousel.fb728.css | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2my.forms.app/static/css/carousel.fb728.css IP104.26.7.145:0
GET /static/css/carousel.fb728.css HTTP/1.1
Host: my.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://my.forms.app/form/629b6312bd94a175bb849970
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687480.0.0.0; _ga=GA1.1.458440350.1662687481; language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:09 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 13:08:00 GMT
vary: Accept-Encoding
etag: W/"6315f4b0-7f4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcqki02zwY%2BcTfZ%2BGuk2zQejWFxbpfek4LNcpRy2Y4NHRLEDo%2BgiMd2KBg2XHSPZQA234v6lWuqhuhOqoESe3pRPKHZxZfQc520tn%2B%2FRMpbQyUcfm0i21JaDfutKFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33e87fe90b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| forms.app/static/img/use/svg/google.svg | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2forms.app/static/img/use/svg/google.svg IP104.26.7.145:0
GET /static/img/use/svg/google.svg HTTP/1.1
Host: forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/phishing
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 13:08:28 GMT
vary: Accept-Encoding
etag: W/"6315f4cc-64c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWuHRwz9dAJVNhNa3c7anAo8Dcc5Jd1kspKTesiBaS8%2FKiVp19eUvygHnQPETv%2Fs%2FCvrQmIeAmmLfD6Qo9CIPvuHshhCQi9yGd0pNezKXI8LKogNGOEnGBkQ7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ecf96d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| file.forms.app/sitefile/Google%20Analytics.png | 104.26.7.145 | 200 OK | 0 B |
URL HTTP/2file.forms.app/sitefile/Google%20Analytics.png IP104.26.7.145:0
GET /sitefile/Google%20Analytics.png HTTP/1.1
Host: file.forms.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://forms.app/
Cookie: _gcl_au=1.1.458231517.1662687481; _ga_740JKHV4FZ=GS1.1.1662687480.1.0.1662687481.0.0.0; _ga=GA1.2.458440350.1662687481; language=en; _gid=GA1.2.134547598.1662687481; _dc_gtm_UA-123158574-1=1; _uetsid=0a9571402fe011edae933da35c214798; _uetvid=0a955c702fe011ed8cede9886daf40f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 01:38:10 GMT
content-type: image/png
content-disposition: attachment; filename= Google Analytics.png
cf-cache-status: EXPIRED
last-modified: Thu, 08 Sep 2022 20:50:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wJm45p7OPPeyvpwZ8Y41iXKHcWTeW0F1ujGy6XmlTS57TYEMHo1RNz4Wsg9dut2dZid6c3LKHQ%2FgFV39ubd8lEbb9mKwLuhZbjvK8%2BE45WmqEKiRK8N4JIpcFEISv6DK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
server: cloudflare
cf-ray: 747c33ece9600b55-OSL
X-Firefox-Spdy: h2
|
|