urlscan.io logo urlscan.io
SecurityTrails logo

docs.google.com Open in urlscan Pro
172.217.23.110  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://t.rimanggis.com/activities_web/track/click?msgid=b74bbbf3-8765-4e05-8a8e-d3f552bd8436&linkid=61436bfdc16f4b7a158...
Effective URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Submission: On September 29 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 172.217.23.110, located in United States and belongs to GOOGLE, US. The main domain is docs.google.com.
TLS certificate: Issued by GTS CA 1C3 on August 30th 2021. Valid for: 3 months.
This is the only time docs.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 18.181.103.96 16509 (AMAZON-02)
2 172.217.23.110 15169 (GOOGLE)
3 142.250.185.202 15169 (GOOGLE)
6 142.250.186.163 15169 (GOOGLE)
1 142.250.186.129 15169 (GOOGLE)
1 142.250.185.67 15169 (GOOGLE)
4 172.217.23.99 15169 (GOOGLE)
18 7
1    18.181.103.96 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-181-103-96.ap-northeast-1.compute.amazonaws.com
t.rimanggis.com
2    172.217.23.110 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f14.1e100.net
docs.google.com
3    142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
fonts.googleapis.com
6    142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net
www.gstatic.com
1    142.250.186.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f1.1e100.net
lh3.googleusercontent.com
1    142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net
ssl.gstatic.com
4    172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f3.1e100.net
fonts.gstatic.com
Domain Requested by
6 www.gstatic.com docs.google.com
www.gstatic.com
4 fonts.gstatic.com fonts.googleapis.com
3 fonts.googleapis.com docs.google.com
2 docs.google.com t.rimanggis.com
www.gstatic.com
1 ssl.gstatic.com www.gstatic.com
1 lh3.googleusercontent.com docs.google.com
1 t.rimanggis.com
18 7

This site contains links to these domains. Also see Links.

Domain
accounts.google.com
policies.google.com
www.google.com
Subject Issuer Validity Valid
*.google.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Frame ID: 9A685A88DEAB71C9255BD2F8519A2C78
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Free Seminar + Webinar Registration

Page URL History Show full URLs

  1. http://t.rimanggis.com/activities_web/track/click?msgid=b74bbbf3-8765-4e05-8a8e-d3f552bd8436&linkid... Page URL
  2. https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

18
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

537 kB
Transfer

1674 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://t.rimanggis.com/activities_web/track/click?msgid=b74bbbf3-8765-4e05-8a8e-d3f552bd8436&linkid=61436bfdc16f4b7a1583a159 Page URL
  2. https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
click
t.rimanggis.com/activities_web/track/ 		168 B
304 B 		Document
General
Check archive.org
Download Go to
Full URL
http://t.rimanggis.com/activities_web/track/click?msgid=b74bbbf3-8765-4e05-8a8e-d3f552bd8436&linkid=61436bfdc16f4b7a1583a159
Protocol
HTTP/1.1
Server
18.181.103.96 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-181-103-96.ap-northeast-1.compute.amazonaws.com
Software
Jetty(9.2.2.v20140723) /
Resource Hash

Request headers

Host
t.rimanggis.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Type
text/html; charset=UTF-8
Server
Jetty(9.2.2.v20140723)
Content-Length
168
Connection
keep-alive
Primary Request viewform
docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/ 		117 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Requested by
Host: t.rimanggis.com
URL: http://t.rimanggis.com/activities_web/track/click?msgid=b74bbbf3-8765-4e05-8a8e-d3f552bd8436&linkid=61436bfdc16f4b7a1583a159
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f14.1e100.net
Software
GSE /
Resource Hash
26a056bb4787b457f15d56f71e7eabe9982f67c37e446d146cc3b713b071bc55
Security Headers
Name Value
Content-Security-Policy base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-hspXAermGDWfEVUiPwEt0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
docs.google.com
:scheme
https
:path
/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://t.rimanggis.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://t.rimanggis.com/

Response headers

content-type
text/html; charset=utf-8
x-robots-tag
noindex, nofollow, nosnippet
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 29 Sep 2021 01:57:23 GMT
content-encoding
gzip
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
referrer-policy
strict-origin-when-cross-origin
content-security-policy
base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-hspXAermGDWfEVUiPwEt0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
x-content-type-options
nosniff
x-xss-protection
1; mode=block
server
GSE
set-cookie
NID=511=tSq5TgDJZFLTa1EWPdfZGr4cfvAOwJvb0Ex-Kq_cA8IFXMzMV7-suBAqmTyOZVpT9aJeiQYaRLRtojvr2YqHFQuocfeKkU6QZKefj9hR34A1rSFJDhP0xuOgmUy7SFpsUKfaJcSAYzcP7CYeqnHPziTJe8Q-XIhmgapnm0HDH8w; expires=Thu, 31-Mar-2022 01:57:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none S=spreadsheet_forms=nKRXLXULo512PUkElpuIdyz7R58Kkjuomn_MfIw4pGU; Domain=.docs.google.com; Expires=Wed, 29-Sep-2021 02:57:23 GMT; Path=/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg; Secure; HttpOnly; Priority=LOW; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
icon
fonts.googleapis.com/ 		616 B
462 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons+Extended
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
2a3b8759015bcaa2d00216e8643866eeb016bbc8df92931cfcbfa28185b08510
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 29 Sep 2021 01:57:23 GMT
server
ESF
date
Wed, 29 Sep 2021 01:57:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Sep 2021 01:57:23 GMT
rs=AMjVe6jhPEC172w4sVKO1ncq1AQLs1IdWw
www.gstatic.com/_/freebird/_/ss/k=freebird.v.9439ewgjcyuq.L.W.O/d=1/ 		405 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/freebird/_/ss/k=freebird.v.9439ewgjcyuq.L.W.O/d=1/rs=AMjVe6jhPEC172w4sVKO1ncq1AQLs1IdWw
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
bec1595456a227e562201e1e2fa64e6ea9b93193b262443eaf8d2083cfebf174
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 24 Sep 2021 05:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
419848
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50884
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 18:27:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="apps-forms"
expires
Sat, 24 Sep 2022 05:19:55 GMT
css
fonts.googleapis.com/ 		13 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,400i,500,700&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
a8e157462bbb323e3c3b14d0248476188057c5ed0ef62aac748c1110a17fc19f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 29 Sep 2021 01:14:42 GMT
server
ESF
date
Wed, 29 Sep 2021 01:57:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Sep 2021 01:57:23 GMT
css
fonts.googleapis.com/ 		1 KB
942 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Product+Sans&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
8815526f7d2667c75297c2094dace87a1aeb879f5f79e17195cd077a783b03c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 29 Sep 2021 01:09:59 GMT
server
ESF
date
Wed, 29 Sep 2021 01:57:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Sep 2021 01:57:23 GMT
googlelogo_dark_clr_74x24px.svg
www.gstatic.com/images/branding/googlelogo/svg/ 		1 KB
957 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_dark_clr_74x24px.svg
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
f4af84efe90891185d9b29a841181ca9d26d7560864ea47b6cd709d3b964aee3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 28 Sep 2021 22:02:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14087
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
689
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/svg+xml
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 28 Sep 2022 22:02:36 GMT
m=viewer_base
www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=1/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/ 		340 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=1/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=viewer_base
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
1531e5ade6aa1fb9a30adc012e456951d4d67c6a900cbf5818b1c4caddf570d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 01:23:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2039
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112784
x-xss-protection
0
last-modified
Tue, 28 Sep 2021 14:57:10 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="apps-forms"
expires
Thu, 29 Sep 2022 01:23:24 GMT
56NEc-AQVxNgNBHS-IXjLdTxIefChoA0QLem9Pbr7N_wXQaWVUNMSFWBH6BmiVf0pgCDolrwHsuYG1Vrste-PijtPgXINSVtwLorxB57bTZYlzUcYztb2RecPhhgh8ju7g=w1671
lh3.googleusercontent.com/ 		72 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/56NEc-AQVxNgNBHS-IXjLdTxIefChoA0QLem9Pbr7N_wXQaWVUNMSFWBH6BmiVf0pgCDolrwHsuYG1Vrste-PijtPgXINSVtwLorxB57bTZYlzUcYztb2RecPhhgh8ju7g=w1671
Requested by
Host: docs.google.com
URL: https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.129 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f1.1e100.net
Software
fife /
Resource Hash
29e98f7bfb97c1f48a10ca02e22d83e74f330ed1e38fd47e0074d3bda39f383c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 01:57:24 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="AF1QipOvDtl8okzo7OZM9gRChjOKQClFsuptJhZ_FjRN=w1671-h417.jpg"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
73645
x-xss-protection
0
expires
Thu, 30 Sep 2021 01:57:24 GMT
qp_sprite148.svg
ssl.gstatic.com/docs/forms/ 		114 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/docs/forms/qp_sprite148.svg
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/ss/k=freebird.v.9439ewgjcyuq.L.W.O/d=1/rs=AMjVe6jhPEC172w4sVKO1ncq1AQLs1IdWw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
8e9f7472d752e754bb607169f75274ec615bac4aac53fef8fd28ceecb91f7020
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 21:04:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
449571
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13393
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 21:08:00 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
content-type
image/svg+xml
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="docs"
expires
Fri, 23 Sep 2022 21:04:32 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,400i,500,700&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://docs.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 28 Sep 2021 04:08:17 GMT
x-content-type-options
nosniff
age
78546
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 Sep 2022 04:08:17 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,400i,500,700&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://docs.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:27:37 GMT
x-content-type-options
nosniff
age
116986
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 27 Sep 2022 17:27:37 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,400i,500,700&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://docs.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 28 Sep 2021 08:44:05 GMT
x-content-type-options
nosniff
age
61998
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 Sep 2022 08:44:05 GMT
pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
fonts.gstatic.com/s/productsans/v13/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/productsans/v13/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Product+Sans&subset=latin,vietnamese,latin-ext,cyrillic,greek,cyrillic-ext,greek-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
57243fd434e21b8aff3ac902f17e5a94e4a9e28412df169d0b1804ef25f5de43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://docs.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 28 Sep 2021 08:52:32 GMT
x-content-type-options
nosniff
age
61491
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35140
x-xss-protection
0
last-modified
Mon, 19 Apr 2021 22:53:52 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 Sep 2022 08:52:32 GMT
m=MpJwZc,n73qwf,NpD4ec,ws9Tlc,sy0,syx,syy,syz,sy1,sy10,sy1d,sy2y,sy2z,V3dDOb,sy2k,gkf10d,j2YlP,sy6,sy7,sya,sy8,sy1a,sy19,OShpD,syw,sy14,sy1e,sy11,sy1f,sy1n,sy3d,A4UTCb,sy2,xiqF3,owcnme,sy22,De38hd,...
www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=0/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/ 		436 KB
135 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=0/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=MpJwZc,n73qwf,NpD4ec,ws9Tlc,sy0,syx,syy,syz,sy1,sy10,sy1d,sy2y,sy2z,V3dDOb,sy2k,gkf10d,j2YlP,sy6,sy7,sya,sy8,sy1a,sy19,OShpD,syw,sy14,sy1e,sy11,sy1f,sy1n,sy3d,A4UTCb,sy2,xiqF3,owcnme,sy22,De38hd,sy24,sy2u,Sk9apb,J8mJTc,UUJqVe,eFy6Rc,CP1oW,syr,KornIe,sy1w,sbHRWb,sy35,sy4h,cNHZjb,syi,syg,sy1s,sy15,sy1t,sy2m,pxq3x,syu,sy2l,O6y8ed,sy36,sy37,sy39,syb,sy38,sy3a,Xhpexc,Q91hve,sy9,sy3,sy2q,sy2r,mRfQQ,sy3c,sy3b,CFa0o,sy3e,VXdfxd,sy3n,sy3o,sy3l,sy3r,sy3m,sy3p,sy3s,Y9atKf,sy3q,sy3t,s39S4,wPRNsd,sy1q,ENNBBf,L1AAkb,sy1b,KUM7Z,QvB8bb,bCfhJc,sy2n,syc,u9ZRK,pItcJd,yZuGp,aW3pY,KFVhZe,sy2v,sy2w,sy2x,I6YDgd,sy3f,N5Lqpc,sy1h,sy1i,sy1c,sy1j,sy1k,sy1u,uiNkee,sy1g,sy1l,sy1m,sy1o,sy1p,sy1r,sy1v,fgj8Rb,sy5f,sy5g,sy5h,xQtZb,IvDHfc,sy34,sy3g,sy33,EcW08c,sy3h,sy3i,sy3j,t8tqF,sy13,p2tbsc,d8PXFf,atgb9d,ERCn7d,sy1x,sy1y,sy1z,LxALBf,rHjpXd,sy4c,SM1lmd,QwQO1b,WdhPgc,sy26,sy29,QMSdQb,JCrucd,ok0nye,sy28,xmYr4,sy48,sy31,sy17,sy2s,sy3k,sy47,sy49,sy4a,sy32,sy3u,sy3x,sy46,sy3v,sy43,sy44,sy45,sy3y,sy3z,sy40,sy41,sy42,RGrRJf,OkF2xb,oZECf,ID6c7,sy3w,sy4f,sy4i,sy4j,rmdjlf,hYei2d,sy18,A2m8uc,pFu8T,TOfxwf,sy4g,sy4p,lSvzH,yUS4Lc,KOZzeb,D8e5bc,j0HcBf,sy4b,oCiKKc,UmOCme
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=1/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=viewer_base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
b8ddbee6a798cb1c5a626e40af3eea04254002b464a7d248dd61dd654f364c79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 15:44:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
123203
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
137870
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 18:27:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://docs.google.com
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="apps-forms"
expires
Tue, 27 Sep 2022 15:44:00 GMT
lazy.min.js
www.gstatic.com/feedback/js/help/prod/service/ 		81 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=0/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=MpJwZc,n73qwf,NpD4ec,ws9Tlc,sy0,syx,syy,syz,sy1,sy10,sy1d,sy2y,sy2z,V3dDOb,sy2k,gkf10d,j2YlP,sy6,sy7,sya,sy8,sy1a,sy19,OShpD,syw,sy14,sy1e,sy11,sy1f,sy1n,sy3d,A4UTCb,sy2,xiqF3,owcnme,sy22,De38hd,sy24,sy2u,Sk9apb,J8mJTc,UUJqVe,eFy6Rc,CP1oW,syr,KornIe,sy1w,sbHRWb,sy35,sy4h,cNHZjb,syi,syg,sy1s,sy15,sy1t,sy2m,pxq3x,syu,sy2l,O6y8ed,sy36,sy37,sy39,syb,sy38,sy3a,Xhpexc,Q91hve,sy9,sy3,sy2q,sy2r,mRfQQ,sy3c,sy3b,CFa0o,sy3e,VXdfxd,sy3n,sy3o,sy3l,sy3r,sy3m,sy3p,sy3s,Y9atKf,sy3q,sy3t,s39S4,wPRNsd,sy1q,ENNBBf,L1AAkb,sy1b,KUM7Z,QvB8bb,bCfhJc,sy2n,syc,u9ZRK,pItcJd,yZuGp,aW3pY,KFVhZe,sy2v,sy2w,sy2x,I6YDgd,sy3f,N5Lqpc,sy1h,sy1i,sy1c,sy1j,sy1k,sy1u,uiNkee,sy1g,sy1l,sy1m,sy1o,sy1p,sy1r,sy1v,fgj8Rb,sy5f,sy5g,sy5h,xQtZb,IvDHfc,sy34,sy3g,sy33,EcW08c,sy3h,sy3i,sy3j,t8tqF,sy13,p2tbsc,d8PXFf,atgb9d,ERCn7d,sy1x,sy1y,sy1z,LxALBf,rHjpXd,sy4c,SM1lmd,QwQO1b,WdhPgc,sy26,sy29,QMSdQb,JCrucd,ok0nye,sy28,xmYr4,sy48,sy31,sy17,sy2s,sy3k,sy47,sy49,sy4a,sy32,sy3u,sy3x,sy46,sy3v,sy43,sy44,sy45,sy3y,sy3z,sy40,sy41,sy42,RGrRJf,OkF2xb,oZECf,ID6c7,sy3w,sy4f,sy4i,sy4j,rmdjlf,hYei2d,sy18,A2m8uc,pFu8T,TOfxwf,sy4g,sy4p,lSvzH,yUS4Lc,KOZzeb,D8e5bc,j0HcBf,sy4b,oCiKKc,UmOCme
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
27b7bdbb6b77f4238a0af53fa51168eec424660ac65eb166d3927335824e07ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 01:45:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
724
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29401
x-xss-protection
0
last-modified
Tue, 28 Sep 2021 21:57:28 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="product-feedback-gathering"
expires
Wed, 29 Sep 2021 02:35:20 GMT
m=sWGJ4b
www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=0/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/ 		770 B
530 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=0/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=sWGJ4b
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=1/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=viewer_base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
sffe /
Resource Hash
b0c11bca9334f3dde627ff57245677bfbf75e9b56636f42d4d5975f7c60f8286
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://docs.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 24 Sep 2021 18:09:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
373658
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-forms
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
503
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 18:27:21 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"apps-forms","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-forms"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://docs.google.com
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="apps-forms"
expires
Sat, 24 Sep 2022 18:09:46 GMT
naLogImpressions
docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/ 		0
13 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/naLogImpressions
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/freebird/_/js/k=freebird.v.de.KaOlV5S9-mY.O/d=1/rs=AMjVe6jVRTg_RA7tbEyZXvYLh31LSugAqw/m=viewer_base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f14.1e100.net
Software
GSE /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-JVi6fCfTf561MK3MD4zIVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'

Request headers

sec-fetch-mode
cors
x-same-domain
1
origin
https://docs.google.com
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
S=spreadsheet_forms=nKRXLXULo512PUkElpuIdyz7R58Kkjuomn_MfIw4pGU; NID=511=tSq5TgDJZFLTa1EWPdfZGr4cfvAOwJvb0Ex-Kq_cA8IFXMzMV7-suBAqmTyOZVpT9aJeiQYaRLRtojvr2YqHFQuocfeKkU6QZKefj9hR34A1rSFJDhP0xuOgmUy7SFpsUKfaJcSAYzcP7CYeqnHPziTJe8Q-XIhmgapnm0HDH8w
content-length
3056
:path
/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/naLogImpressions
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/x-www-form-urlencoded;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
docs.google.com
referer
https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
:scheme
https
sec-fetch-site
same-origin
:method
POST
X-Same-Domain
1
Referer
https://docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg/viewform
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 29 Sep 2021 01:57:24 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-JVi6fCfTf561MK3MD4zIVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
GSE
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| WIZ_global_data object| _docs_flag_initialData object| gbar_ object| gbar string| __PVT object| gapi object| ___jsl object| FB_PUBLIC_LOAD_DATA_ object| default_v function| _getTimingInstance function| _docsTiming string| g object| closure_lm_115231 object| fb_wizbind object| help object| hgb object| userfeedback function| fpHtcb

2 Cookies

Domain/Path Name / Value
.docs.google.com/forms/d/e/1FAIpQLSf45Mm1CRLCRhHjAdCdp7C5_mb17kpp8CNzZS847V2Z8R8SBg Name: S
Value: spreadsheet_forms=nKRXLXULo512PUkElpuIdyz7R58Kkjuomn_MfIw4pGU
.google.com/ Name: NID
Value: 511=tSq5TgDJZFLTa1EWPdfZGr4cfvAOwJvb0Ex-Kq_cA8IFXMzMV7-suBAqmTyOZVpT9aJeiQYaRLRtojvr2YqHFQuocfeKkU6QZKefj9hR34A1rSFJDhP0xuOgmUy7SFpsUKfaJcSAYzcP7CYeqnHPziTJe8Q-XIhmgapnm0HDH8w

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

docs.google.com
fonts.googleapis.com
fonts.gstatic.com
lh3.googleusercontent.com
ssl.gstatic.com
t.rimanggis.com
www.gstatic.com
142.250.185.202
142.250.185.67
142.250.186.129
142.250.186.163
172.217.23.110
172.217.23.99
18.181.103.96
1531e5ade6aa1fb9a30adc012e456951d4d67c6a900cbf5818b1c4caddf570d7
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
26a056bb4787b457f15d56f71e7eabe9982f67c37e446d146cc3b713b071bc55
27b7bdbb6b77f4238a0af53fa51168eec424660ac65eb166d3927335824e07ed
29e98f7bfb97c1f48a10ca02e22d83e74f330ed1e38fd47e0074d3bda39f383c
2a3b8759015bcaa2d00216e8643866eeb016bbc8df92931cfcbfa28185b08510
57243fd434e21b8aff3ac902f17e5a94e4a9e28412df169d0b1804ef25f5de43
8815526f7d2667c75297c2094dace87a1aeb879f5f79e17195cd077a783b03c5
8e9f7472d752e754bb607169f75274ec615bac4aac53fef8fd28ceecb91f7020
a8e157462bbb323e3c3b14d0248476188057c5ed0ef62aac748c1110a17fc19f
b0c11bca9334f3dde627ff57245677bfbf75e9b56636f42d4d5975f7c60f8286
b8ddbee6a798cb1c5a626e40af3eea04254002b464a7d248dd61dd654f364c79
bec1595456a227e562201e1e2fa64e6ea9b93193b262443eaf8d2083cfebf174
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4af84efe90891185d9b29a841181ca9d26d7560864ea47b6cd709d3b964aee3