accounts.gocsooglc.com Open in urlscan Pro
82.180.139.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Effective URL:
https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebS...
Submission: On March 23 via manual (March 23rd 2023, 8:51:43 pm UTC) from US — Scanned from DE

Summary HTTP 34 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 34 HTTP transactions. The main IP is 82.180.139.65, located in Phoenix, United States and belongs to AS-HOSTINGER, CY. The main domain is accounts.gocsooglc.com.
TLS certificate: Issued by R3 on March 22nd 2023. Valid for: 3 months.

This is the only time accounts.gocsooglc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	52.217.111.190 52.217.111.190	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
2	2606:4700:303... 2606:4700:3030::6815:ba0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 9	82.180.139.65 82.180.139.65	47583 (AS-HOSTINGER) (AS-HOSTINGER)
10	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
34	9

3 52.217.111.190 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::6815:ba0 (United States)

ASN13335 (CLOUDFLARENET, US)

killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 82.180.139.65 (Phoenix, United States) 4 redirects

ASN47583 (AS-HOSTINGER, CY)

accounts.gocsooglc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	gstatic.com www.gstatic.com fonts.gstatic.com	390 KB
9	gocsooglc.com 4 redirects accounts.gocsooglc.com	553 KB
3	amazonaws.com s3.amazonaws.com	34 KB
2	youtube.com accounts.youtube.com — Cisco Umbrella Rank: 905	4 KB
2	killbot.org killbot.org	1 KB
1	google.com play.google.com Failed www.google.com — Cisco Umbrella Rank: 2	4 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 334	2 KB
34	7

	Domain	Requested by
10	www.gstatic.com	accounts.gocsooglc.com www.gstatic.com
9	accounts.gocsooglc.com	4 redirects s3.amazonaws.com www.gstatic.com accounts.gocsooglc.com
4	fonts.gstatic.com	accounts.gocsooglc.com
3	s3.amazonaws.com	s3.amazonaws.com
2	accounts.youtube.com	www.gstatic.com s3.amazonaws.com
2	killbot.org	cdn.jsdelivr.net
1	www.google.com	accounts.youtube.com
1	cdn.jsdelivr.net	s3.amazonaws.com
0	play.google.com Failed	www.gstatic.com
34	9

This site contains links to these domains. Also see Links.

Domain
support.google.com

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2022-12-06` - `2023-12-05`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-29` - `2023-06-28`	a year	crt.sh
www.gocsooglc.com R3	`2023-03-22` - `2023-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ
Frame ID: 91C8BE558D02048353E7AB08E688D01B
Requests: 32 HTTP requests in this frame

Frame: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.gocsooglc.com&v=1268115142&timestamp=1679604699019
Frame ID: 1D73073FE6AA23B6618E83E92246BBF4
Requests: 3 HTTP requests in this frame

Frame: https://accounts.gocsooglc.com/_/bscframe
Frame ID: FDDC9EFF8892FB2D2FD5B7311C2F75C6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in - Google Accounts

Page URL History Show full URLs

https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c657... Page URL
https://accounts.gocsooglc.com/GtBFUPoY?&email= HTTP 302
https://accounts.gocsooglc.com/signin/v2/identifier?hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP 302
https://accounts.gocsooglc.com/ServiceLogin?flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en HTTP 302
https://accounts.gocsooglc.com/InteractiveLogin?flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQ... HTTP 302
https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLog... Page URL

Detected technologies

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

34
Requests

82 %
HTTPS

75 %
IPv6

7
Domains

9
Subdomains

9
IPs

2
Countries

984 kB
Transfer

1616 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://support.google.com/chrome/answer/6130773?hl=en
Title: Learn more

Search URL Search Domain Scan URL

URL: https://support.google.com/accounts?hl=en&p=account_iph
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d Page URL
https://accounts.gocsooglc.com/GtBFUPoY?&email= HTTP 302
https://accounts.gocsooglc.com/signin/v2/identifier?hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP 302
https://accounts.gocsooglc.com/ServiceLogin?flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en HTTP 302
https://accounts.gocsooglc.com/InteractiveLogin?flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7QNZVIyGjJgAM8h_xA9v1Za98rpH6RKl1MhoCUjEn5JO_Bgd9eiVohp7YsPi8IThgDw5t6DGQ HTTP 302
https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK index.html Show response
s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/ 33 KB
33 KB 410ms
162ms Document
text/html 52.217.111.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.111.190 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 624ae8383f5d77ba87f3d80fc4d69289d1b5db406c95cbb47af08752e5682b97

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Length: 33427
Content-Type: text/html
Date: Thu, 23 Mar 2023 20:51:33 GMT
ETag: "889c1f87f46d228bd0e8ebb38973126b"
Last-Modified: Thu, 23 Mar 2023 17:06:03 GMT
Server: AmazonS3
x-amz-id-2: 1itIEbudYAyZoYnYB8F4/lBHMc6U2jOEq8aRVPUnG0KwtEoWAiLW+uNX1AkpXNCVDBxzbyWDp4s=
x-amz-meta-app-version: test
x-amz-meta-appname: redirecttest
x-amz-request-id: 7REEZ3CD7HF2DA5T
x-amz-server-side-encryption: AES256
x-amz-version-id: rDwFGI9pIv3BJDuoHfEnCJxMhMXczs_k

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 404
Not Found transparent.gif
s3.amazonaws.com/cdn-cgi/images/trace/jsch/js/ 307 B
307 B 132ms
131ms Image
application/xml 52.217.111.190
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=745bca546d38b4e8
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.111.190 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6e85494b6788a1f8e04efa6ff4393e099dda6921ee25a6833026d8c89fb8b5b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Thu, 23 Mar 2023 20:51:32 GMT
Server: AmazonS3
x-amz-request-id: 7RE38Q3RBPFC0EZJ
x-amz-id-2: wEpNmOcCQVg2ozwzyGrdsk3Kr3o8UF6VGWTJ7QNxG1AVHJG4/KW5ncj+nh9JltBqF+R9lUWwIQA=
Transfer-Encoding: chunked
Content-Type: application/xml

GET
H2 200 main.min.js Show response
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/ 3 KB
2 KB 131ms
41ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js

Requested by

Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 23 Mar 2023 20:51:32 GMT
x-content-type-options: nosniff
content-encoding: br
age: 28063
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1222
x-served-by: cache-fra-eddf8230097-FRA, cache-hhn-etou8220071-HHN
x-jsd-version-type: branch
etag: W/"a7c-kmbumraAtj1yBda8Zbl2dRPRYqU"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 403
Forbidden transparent.gif
s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/Just%20a%20moment_fichiers/ 243 B
243 B 255ms
124ms Image
application/xml 52.217.111.190
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/Just%20a%20moment_fichiers/transparent.gif
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.111.190 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Thu, 23 Mar 2023 20:51:32 GMT
Server: AmazonS3
x-amz-request-id: 7REAEHJ730FNM2RV
x-amz-id-2: uMtQEIiNylwE94NOr9q0mh/QT4YxU/ypI8YOP2WzV9tTbwTpkh7xaWGixxPlNhl568FT3Zv9LUQ=
Transfer-Encoding: chunked
Content-Type: application/xml

GET
H2 200 whois
killbot.org/api/v2/ 272 B
931 B 363ms
219ms Fetch
application/json 2606:4700:3030::6815:ba0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=_J14k_5sHZiFR3C3uZ6NGBPph1iZq3g-aYSeTKmHUNJf_
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:ba0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 20:51:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XO%2BVKFShQwBSIFHIzagSuChFSKAz8skJTrTKuOXpD9ZdcV7TbbBMO1gLDNm3RVIjAGkvsRVokhQskAn38GMI3BVWZm%2FGhznIMqDfbYuS31jfuAuwPB176O3Mn8TBPSA4Y53za6X%2FnCYmeg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 7ac98d920ef73735-FRA
bug-bounty: Report to live chat :)
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1

200
OK

Primary Request identifier Show response
accounts.gocsooglc.com/v3/signin/
Redirect Chain

https://accounts.gocsooglc.com/GtBFUPoY?&email=
https://accounts.gocsooglc.com/signin/v2/identifier?hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin
https://accounts.gocsooglc.com/ServiceLogin?flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en
https://accounts.gocsooglc.com/InteractiveLogin?flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7QNZVIyGjJgAM8h_xA9v1Za98rpH6RKl1MhoCUjEn5JO_Bgd9eiVohp7YsPi8IThgDw5t6DGQ
https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCs...

544 KB
546 KB

1118ms
758ms

Document
text/html

82.180.139.65
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 82.180.139.65 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: ESF /
Resource Hash: 79248fdbc051306fffc4d37d507388d30b1d0278944ef71873280c531ea5e2fc

Request headers

Referer: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy-Report-Only: same-origin
Cross-Origin-Resource-Policy: same-site
Date: Thu, 23 Mar 2023 20:51:37 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
Pragma: no-cache
Server: ESF
Transfer-Encoding: chunked
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
X-Auto-Login: realm=com.google&args=continue%3Dhttps://accounts.google.com/ManageAccount?nc%253D1
X-Ua-Compatible: IE=edge

Redirect headers

Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
Date: Thu, 23 Mar 2023 20:51:36 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Location: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ
Pragma: no-cache
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Server: GSE
Transfer-Encoding: chunked

GET
H2 401 blocker
killbot.org/api/v2/ 146 B
559 B 217ms
216ms Fetch
application/json 2606:4700:3030::6815:ba0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=_J14k_5sHZiFR3C3uZ6NGBPph1iZq3g-aYSeTKmHUNJf_&ip=2a01:4a0:1338:92::12&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/111.0.5563.110%20Safari/537.36&url=?e=16d696140666c6578706f72742e636f6d
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:ba0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 20:51:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lxG6I4QJTTeZ1icZRTUZgArzAoFBJhCloDBi9a8XZoNLj2Bfz3ypVX78C8PlEnMUHBF5%2BvbQTuJMc9kMT8WkLKFEB%2Bg2hJY0O0Rkh%2FRbYjkvFFi7lZYn2VAled%2BosLykLXb20DTp1wE87A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 7ac98d9369283735-FRA
bug-bounty: Report to live chat :)
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/excm=_b,_r,_tp,identifierview/ed=1/dg=0/wt=2/rs=AOaEmlERGX5F8ncD4... 202 KB
71 KB 128ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/excm=_b,_r,_tp,identifierview/ed=1/dg=0/wt=2/rs=AOaEmlERGX5F8ncD4fXFOxobcZ-1w9YTmg/m=_b,_tp,_r

Requested by

Host: accounts.gocsooglc.com
URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b582f9d3acb775385e5834a308eeec10c7d48d6ac46a437e7c17fa3c469ae10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72332
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 20:27:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:29 GMT

GET
DATA 200
OK truncated
/ 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/ 21 KB
21 KB 139ms
50ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.gocsooglc.com/
Origin: https://accounts.gocsooglc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 216839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21464
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:42:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:39 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
16 KB 129ms
40ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.gocsooglc.com/
Origin: https://accounts.gocsooglc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:38 GMT
x-content-type-options: nosniff
age: 216840
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:38 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 194ms
105ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.gocsooglc.com/
Origin: https://accounts.gocsooglc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:38 GMT
x-content-type-options: nosniff
age: 216840
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:38 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/ 21 KB
21 KB 177ms
89ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.gocsooglc.com/
Origin: https://accounts.gocsooglc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 216839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21700
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:43:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:39 GMT

GET
H2 200 m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,byfTOb,lsjVmc,XVq9Qb,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,kibjWe,nnwwYc,ANCJdb,V3dDOb,G0cNrd,zsCYJ,mWLH9d,NOeYWe,O6y8ed,t2srLd,f... Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=_b,_r,_tp... 595 KB
194 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,byfTOb,lsjVmc,XVq9Qb,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,kibjWe,nnwwYc,ANCJdb,V3dDOb,G0cNrd,zsCYJ,mWLH9d,NOeYWe,O6y8ed,t2srLd,fqEYIb,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,hc6Ubd,AkfuYc,KUM7Z,oLggrd,inNHtf,L1AAkb,XVMNvd,Mlhmy,lwddkf,gychg,EEDORb,SpsfSb,tUnxGc,aW3pY,kmSu5b,EFQ78c,ZfAoz,xQtZb,I6YDgd,N5Lqpc,fgj8Rb,kWgXee,PkV8id,hmHrle,ovKuLd,zbML3c,yDVVkb,zr1jrb,AD1APd,vHEMJe,YHI3We,YTxL4,i1Z3Ub,MbBXlb,bSspM,el0Mne,UmWJEc,KG2eXe,Uas9Hd,lg30w,e3uIRe,zy0vNb,my67ye,fJpY1b,EN3i8d,K0PMbc,EGw7Od,A2sInc,AvtSve,qmdT9,vDwyod,ZUKRxc,xBaz7b,GGodmf,eVCnO,wzQaQb,BDnJmb,LDQI,SUKkyc,b3kMqb

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/excm=_b,_r,_tp,identifierview/ed=1/dg=0/wt=2/rs=AOaEmlERGX5F8ncD4fXFOxobcZ-1w9YTmg/m=_b,_tp,_r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8afb6b80104b05d72d2b95d05ec6f2b174cdf47bb268f946a63f0b3ca6ae8c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198587
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:30 GMT

GET
H2 200 m=ltDFwf,Rusgnf,Ctsu,UPKV3d,wGM7Jc,IZ1fbc,i5dxUd,m9oV,kSPLL,NTMZac,bTi8wc,i5H9N,SzsEAf,RAnnUd,qPfo0c,PHUIyb,bPkrc,pxq3x,uu7UOe,yRXbo,soHxf,qNG0Fc,ywOR5c,W2YXuc Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD... 122 KB
37 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NwH0H,O6y8ed,OTA3Ae,OmgaI,PkV8id,PrPYRd,SCuOPb,STuCOe,SUKkyc,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZfAoz,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bSspM,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,inNHtf,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,qmdT9,siKnQd,t2srLd,tUnxGc,vDwyod,vHEMJe,vfuNJf,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,wGM7Jc,IZ1fbc,i5dxUd,m9oV,kSPLL,NTMZac,bTi8wc,i5H9N,SzsEAf,RAnnUd,qPfo0c,PHUIyb,bPkrc,pxq3x,uu7UOe,yRXbo,soHxf,qNG0Fc,ywOR5c,W2YXuc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a423bb363c6db28989a9b27472b7748390d4e51fffe6cb63f1b56237803a73dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37659
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:30 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD... 12 KB
4 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,W2YXuc,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZfAoz,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,qNG0Fc,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3709c89724a95cf262092be6357663c693b6af9d5dfe34b08a5e2f506f99cc68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240426
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4516
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:32 GMT

GET
H3 200 m=ZwDk9d,RMhBfe Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD... 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,RqjULd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,W2YXuc,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZfAoz,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,qNG0Fc,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=ZwDk9d,RMhBfe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebfbcbdec98a871c12199905dd02e8062873ef46666183da11b26c788be1884b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240426
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1472
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:32 GMT

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD... 1 KB
732 B 89ms
88ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,RMhBfe,RqjULd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,W2YXuc,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,qNG0Fc,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79b82bcae3180799a9e444e296ef82a9341b75b78b09d599f7d03c8ff478cbd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 706
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:32 GMT

GET
H3 200 m=w9hDv,VwDzFe,A7fCU Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD... 2 KB
746 B 83ms
82ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,RMhBfe,RqjULd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,W2YXuc,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,qNG0Fc,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=w9hDv,VwDzFe,A7fCU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

814a602071cd3e158ac87bdf5bff9cfa6d9ca55a547b536cdac43d6660de3b19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 720
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:32 GMT

GET
H3 200 m=sOXFj,q0xTif,ZZ4WUe Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,A7... 3 KB
1 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,A7fCU,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,RMhBfe,RqjULd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,VwDzFe,W2YXuc,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,qNG0Fc,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,w9hDv,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=sOXFj,q0xTif,ZZ4WUe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a89cfab7dfad9d24c0fa881edbd2318e363b6fb109e6ed575bd6e5c30b29f61d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1477
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 02:04:32 GMT

GET
H2 403 CheckConnection Show response
accounts.youtube.com/accounts/ Frame 1D73 2 KB
2 KB 159ms
69ms Document
text/html 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.gocsooglc.com&v=1268115142&timestamp=1679604699019

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,byfTOb,lsjVmc,XVq9Qb,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,kibjWe,nnwwYc,ANCJdb,V3dDOb,G0cNrd,zsCYJ,mWLH9d,NOeYWe,O6y8ed,t2srLd,fqEYIb,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,hc6Ubd,AkfuYc,KUM7Z,oLggrd,inNHtf,L1AAkb,XVMNvd,Mlhmy,lwddkf,gychg,EEDORb,SpsfSb,tUnxGc,aW3pY,kmSu5b,EFQ78c,ZfAoz,xQtZb,I6YDgd,N5Lqpc,fgj8Rb,kWgXee,PkV8id,hmHrle,ovKuLd,zbML3c,yDVVkb,zr1jrb,AD1APd,vHEMJe,YHI3We,YTxL4,i1Z3Ub,MbBXlb,bSspM,el0Mne,UmWJEc,KG2eXe,Uas9Hd,lg30w,e3uIRe,zy0vNb,my67ye,fJpY1b,EN3i8d,K0PMbc,EGw7Od,A2sInc,AvtSve,qmdT9,vDwyod,ZUKRxc,xBaz7b,GGodmf,eVCnO,wzQaQb,BDnJmb,LDQI,SUKkyc,b3kMqb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d2edef1cb6860584fb7e37c5b6d2ce13d23db740bf61855f94242cf42f012732

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-m_CSDRMvK32XZUrLViBaXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.gocsooglc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-m_CSDRMvK32XZUrLViBaXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin; report-to="AccountsDomainCookiesCheckConnectionHttp"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 20:51:39 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"AccountsDomainCookiesCheckConnectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsDomainCookiesCheckConnectionHttp/external"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK batchexecute Show response
accounts.gocsooglc.com/v3/signin/_/AccountsSignInUi/data/ 143 B
1 KB 925ms
555ms XHR
application/json 82.180.139.65
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gocsooglc.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=-8783400730650439919&bl=boq_identityfrontendauthuiserver_20230319.08_p0&hl=en&_reqid=75100&rt=c
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/excm=_b,_r,_tp,identifierview/ed=1/dg=0/wt=2/rs=AOaEmlERGX5F8ncD4fXFOxobcZ-1w9YTmg/m=_b,_tp,_r
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 82.180.139.65 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: ESF /
Resource Hash: fc6037b8a4ac00a593305850c4129975d049fddac51f325c6a17f0b04de23d07

Request headers

x-goog-ext-278367001-jspb: ["GlifWebSignIn"]
X-Same-Domain: 1
Referer: https://accounts.gocsooglc.com/
x-goog-ext-391502476-jspb: ["S1308760528:1679604696588524",null,null,"AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ"]
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

Date: Thu, 23 Mar 2023 20:51:39 GMT
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: same-site
Content-Disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Pragma: no-cache
Accept-Ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bscframe Show response
accounts.gocsooglc.com/_/ Frame FDDC 15 B
862 B 897ms
533ms Document
text/html 82.180.139.65
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gocsooglc.com/_/bscframe
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 82.180.139.65 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: ESF /
Resource Hash: c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e

Request headers

Referer: https://accounts.gocsooglc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy-Report-Only: same-origin
Cross-Origin-Resource-Policy: same-site
Date: Thu, 23 Mar 2023 20:51:39 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
Pragma: no-cache
Server: ESF
Transfer-Encoding: chunked
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site

POST log
play.google.com/ 0
0

POST
H2 404 cspreport
accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/ Frame 1D73 2 KB
2 KB 140ms
139ms Other
text/html 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/cspreport
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/index.html?e=16d696140666c6578706f72742e636f6d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d5f986569d61220db701c5d5b5865b8e71c080e34dd96cb8c3102e31fe7bdb77

Request headers

Referer: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.gocsooglc.com&v=1268115142&timestamp=1679604699019
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 23 Mar 2023 20:51:39 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1613
content-type: text/html; charset=UTF-8

GET
H2 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 1D73 3 KB
4 KB 137ms
48ms Image
image/png 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: accounts.youtube.com
URL: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.gocsooglc.com&v=1268115142&timestamp=1679604699019

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 20:51:39 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3170
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 23 Mar 2023 20:51:39 GMT

POST log
play.google.com/ 0
0

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,A7... 6 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,A7fCU,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,RMhBfe,RqjULd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,VwDzFe,W2YXuc,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,q0xTif,qNG0Fc,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,w9hDv,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b71d87f977d9c5074bf3e855ddf97220ed18622f2a5b30837b406e216de4bfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 05:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2724
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Mar 2024 05:43:14 GMT

GET
H3 200 m=wg1P6b Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,A7... 10 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/ck=boq-identity.AccountsSignInUi.02Ppmg4kx3I.L.B1.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/exm=A2sInc,A7fCU,AD1APd,ANCJdb,AkfuYc,AvtSve,BDnJmb,COQbmf,Ctsu,EEDORb,EFQ78c,EGw7Od,EN3i8d,FCpbqb,G0cNrd,GGodmf,I6YDgd,IZ1fbc,IZT63,K0PMbc,KG2eXe,KUM7Z,L1AAkb,LDQI,LEikZe,MbBXlb,Mlhmy,MpJwZc,N5Lqpc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PkV8id,PrPYRd,RAnnUd,RMhBfe,RqjULd,Rusgnf,SCuOPb,STuCOe,SUKkyc,SpsfSb,SzsEAf,U0aPgd,UPKV3d,UUJqVe,Uas9Hd,UmWJEc,V3dDOb,VwDzFe,W2YXuc,WhJNk,Wt6vjf,XVMNvd,XVq9Qb,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,e3uIRe,eVCnO,el0Mne,fJpY1b,fKUV3e,fgj8Rb,fqEYIb,gychg,hc6Ubd,hhhU8,hmHrle,i1Z3Ub,i5H9N,i5dxUd,inNHtf,kSPLL,kWgXee,kibjWe,kmSu5b,lg30w,lsjVmc,ltDFwf,lwddkf,m9oV,mWLH9d,my67ye,n73qwf,njlZCf,nnwwYc,oLggrd,ovKuLd,pxq3x,q0xTif,qNG0Fc,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,uu7UOe,vDwyod,vHEMJe,vfuNJf,w9hDv,wGM7Jc,ws9Tlc,wzQaQb,xBaz7b,xQtZb,xUdipf,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb,zsCYJ,zy0vNb/excm=_b,_r,_tp,identifierview/ed=1/wt=2/rs=AOaEmlGzLkDw8HgXaNHlCVgRN7z2Xx5kwQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;Al0B8:kibjWe;UpnZUd:nnwwYc;YcO2nc:Hfn2lb;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;nTuGK:JKNPM;JsbNhc:Xd8iUd;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;oSUNyd:K0PMbc;SMDL4c:K0PMbc;vNjB7d:YTxL4;oXZmbc:tUnxGc;EkYFhd:BDnJmb;pXdRYb:fqEYIb;SNUn3:ZwDk9d/m=wg1P6b

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a7222c79d52454e508985c97aec3c4c27ee58a324dc9f995b560b072986c090

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.gocsooglc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 06:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 223582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3527
x-xss-protection: 0
last-modified: Sat, 18 Mar 2023 04:28:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Mar 2024 06:45:18 GMT

POST log
play.google.com/ 0
0

POST
H/1.1 403
Forbidden getuserinfo Show response
accounts.gocsooglc.com/ 66 B
390 B 897ms
543ms XHR
text/plain 82.180.139.65
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gocsooglc.com/getuserinfo
Requested by: Host: accounts.gocsooglc.com
URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 82.180.139.65 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: GSE /
Resource Hash: 7da745fdeabfa6228a55d5793668733bd0f1e5f6101d72d11731fbf96cf7942b

Request headers

Referer: https://accounts.gocsooglc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 23 Mar 2023 20:51:41 GMT
Server: GSE
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf8
Cache-Control: no-cache, no-store
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Mon, 01-Jan-1990 00:00:00 GMT

POST log
play.google.com/ 0
0

POST
H/1.1 200
OK browserinfo Show response
accounts.gocsooglc.com/v3/signin/_/AccountsSignInUi/ 90 B
1 KB 891ms
536ms XHR
application/json 82.180.139.65
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.gocsooglc.com/v3/signin/_/AccountsSignInUi/browserinfo?f.sid=-8783400730650439919&bl=boq_identityfrontendauthuiserver_20230319.08_p0&hl=en&_reqid=175100&rt=j
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.rqtvGJpSXgo.es5.O/am=gMfhwCCAOAeTIQAAAAAAAAAAwMLQBAQ/d=1/excm=_b,_r,_tp,identifierview/ed=1/dg=0/wt=2/rs=AOaEmlERGX5F8ncD4fXFOxobcZ-1w9YTmg/m=_b,_tp,_r
Protocol: HTTP/1.1
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 82.180.139.65 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: ESF /
Resource Hash: bf2a6bd855a80b09907daf750075a7118f9c9a4811f9f9f8ce9e9b952b51bfd4

Request headers

X-Same-Domain: 1
Referer: https://accounts.gocsooglc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 23 Mar 2023 20:51:42 GMT
Accept-Ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Transfer-Encoding: chunked
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Resource-Policy: same-site
Content-Disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cross-Origin-Opener-Policy-Report-Only: same-origin
Expires: Mon, 01 Jan 1990 00:00:00 GMT

POST log
play.google.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gocsooglc.com/	1970-01-20 10:33:28	Name: GxIe Value: 3b4a7cc72502b9c2acc8a884f75ed89496ebc470afd16d232c463d0a497dd487
accounts.gocsooglc.com/	1970-01-20 20:09:24	Name: __Host-GAPS Value: 1:v-R-alz83zAkY7YffzCmcP0Hz7og9Q:dKs-9Cay7yYokYpb
accounts.gocsooglc.com/	1970-01-20 11:16:36	Name: OTZ Value: 6955012_56_56__56_

19 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://s3.amazonaws.com/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=745bca546d38b4e8 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://s3.amazonaws.com/appforest_uf/f1679591161759x701306792706306600/Just%20a%20moment_fichiers/transparent.gif Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://killbot.org/api/v2/blocker?apikey=_J14k_5sHZiFR3C3uZ6NGBPph1iZq3g-aYSeTKmHUNJf_&ip=2a01:4a0:1338:92::12&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/111.0.5563.110%20Safari/537.36&url=?e=16d696140666c6578706f72742e636f6d Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.gocsooglc.com&v=1268115142&timestamp=1679604699019 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
javascript	error	URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ#16d696140666c6578706f72742e636f6d Message: Access to XMLHttpRequest at 'https://play.google.com/log?format=json&hasfast=true' from origin 'https://accounts.gocsooglc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://play.google.com' that is not equal to the supplied origin.
network	error	URL: https://play.google.com/log?format=json&hasfast=true Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ#16d696140666c6578706f72742e636f6d Message: Access to XMLHttpRequest at 'https://play.google.com/log?format=json&hasfast=true' from origin 'https://accounts.gocsooglc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://play.google.com' that is not equal to the supplied origin.
network	error	URL: https://play.google.com/log?format=json&hasfast=true Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ#16d696140666c6578706f72742e636f6d Message: Access to XMLHttpRequest at 'https://play.google.com/log?format=json&hasfast=true' from origin 'https://accounts.gocsooglc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://play.google.com' that is not equal to the supplied origin.
network	error	URL: https://play.google.com/log?format=json&hasfast=true Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ#16d696140666c6578706f72742e636f6d Message: Access to XMLHttpRequest at 'https://play.google.com/log?format=json&hasfast=true' from origin 'https://accounts.gocsooglc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://play.google.com' that is not equal to the supplied origin.
network	error	URL: https://play.google.com/log?format=json&hasfast=true Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ#16d696140666c6578706f72742e636f6d Message: Access to XMLHttpRequest at 'https://play.google.com/log?format=json&hasfast=true' from origin 'https://accounts.gocsooglc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://play.google.com' that is not equal to the supplied origin.
network	error	URL: https://play.google.com/log?format=json&hasfast=true Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://accounts.gocsooglc.com/getuserinfo Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	error	URL: https://accounts.gocsooglc.com/v3/signin/identifier?dsh=S1308760528%3A1679604696588524&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en&ifkv=AQMjQ7SZMIIo6UiRVAN_NX8sGM6Spv0DbRZLc-Ol3-JfgE77uaKCsc__dUAS6lpYhsoTWtjbWSsOiQ#16d696140666c6578706f72742e636f6d Message: Access to XMLHttpRequest at 'https://play.google.com/log?format=json&hasfast=true' from origin 'https://accounts.gocsooglc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://play.google.com' that is not equal to the supplied origin.
network	error	URL: https://play.google.com/log?format=json&hasfast=true Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.gocsooglc.com
accounts.youtube.com
cdn.jsdelivr.net
fonts.gstatic.com
killbot.org
play.google.com
s3.amazonaws.com
www.google.com
www.gstatic.com
play.google.com
2606:4700:3030::6815:ba0
2a00:1450:4001:80e::2003
2a00:1450:4001:811::200e
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2003
2a04:4e42:200::485
52.217.111.190
82.180.139.65
2a7222c79d52454e508985c97aec3c4c27ee58a324dc9f995b560b072986c090
3709c89724a95cf262092be6357663c693b6af9d5dfe34b08a5e2f506f99cc68
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4b582f9d3acb775385e5834a308eeec10c7d48d6ac46a437e7c17fa3c469ae10
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b71d87f977d9c5074bf3e855ddf97220ed18622f2a5b30837b406e216de4bfa
624ae8383f5d77ba87f3d80fc4d69289d1b5db406c95cbb47af08752e5682b97
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
6e85494b6788a1f8e04efa6ff4393e099dda6921ee25a6833026d8c89fb8b5b6
79248fdbc051306fffc4d37d507388d30b1d0278944ef71873280c531ea5e2fc
79b82bcae3180799a9e444e296ef82a9341b75b78b09d599f7d03c8ff478cbd9
7da745fdeabfa6228a55d5793668733bd0f1e5f6101d72d11731fbf96cf7942b
814a602071cd3e158ac87bdf5bff9cfa6d9ca55a547b536cdac43d6660de3b19
a423bb363c6db28989a9b27472b7748390d4e51fffe6cb63f1b56237803a73dc
a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1
a89cfab7dfad9d24c0fa881edbd2318e363b6fb109e6ed575bd6e5c30b29f61d
a8afb6b80104b05d72d2b95d05ec6f2b174cdf47bb268f946a63f0b3ca6ae8c4
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bf2a6bd855a80b09907daf750075a7118f9c9a4811f9f9f8ce9e9b952b51bfd4
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e
d2edef1cb6860584fb7e37c5b6d2ce13d23db740bf61855f94242cf42f012732
d5f986569d61220db701c5d5b5865b8e71c080e34dd96cb8c3102e31fe7bdb77
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
ebfbcbdec98a871c12199905dd02e8062873ef46666183da11b26c788be1884b
fc6037b8a4ac00a593305850c4129975d049fddac51f325c6a17f0b04de23d07
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

accounts.gocsooglc.com Open in urlscan Pro 82.180.139.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

34 Requests

82 %HTTPS

75 %IPv6

7 Domains

9 Subdomains

9 IPs

2 Countries

984 kBTransfer

1616 kBSize

3 Cookies

2 Outgoing links

Page URL History

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

accounts.gocsooglc.com Open in urlscan Pro
82.180.139.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

82 %
HTTPS

75 %
IPv6

7
Domains

9
Subdomains

9
IPs

2
Countries

984 kB
Transfer

1616 kB
Size

3
Cookies

34 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!