sites.google.com Open in urlscan Pro
2a00:1450:4001:82f::200e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall
Submission Tags: https://phish.report @phish_report Search All
Submission: On April 28 via api (April 28th 2023, 7:33:13 pm UTC) from FI — Scanned from FI

Summary HTTP 48 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 6 domains to perform 48 HTTP transactions. The main IP is 2a00:1450:4001:82f::200e, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is sites.google.com. The Cisco Umbrella rank of the primary domain is 9827.
TLS certificate: Issued by GTS CA 1C3 on April 3rd 2023. Valid for: 3 months.

This is the only time sites.google.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
7	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1 6	104.18.22.9 104.18.22.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223f:3600:8:2495:5540:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:214... 2600:9000:214f:5e00:4:f6ce:61c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:9000:16:a497:9700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.236.90.28 34.236.90.28	14618 (AMAZON-AES) (AMAZON-AES)
4	54.225.127.151 54.225.127.151	14618 (AMAZON-AES) (AMAZON-AES)
48	13

7 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

sites.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh4.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.22.9 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

psf51mc35ch.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:3600:8:2495:5540:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:214f:5e00:4:f6ce:61c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

renderer-assets.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:9000:16:a497:9700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.rudderlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.236.90.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-90-28.compute-1.amazonaws.com

rudderstack-control-plane.cdp.prod.data.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.225.127.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-127-151.compute-1.amazonaws.com

rudderstack.cdp.prod.data.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	typeform.com psf51mc35ch.typeform.com Failed images.typeform.com — Cisco Umbrella Rank: 68341 renderer-assets.typeform.com — Cisco Umbrella Rank: 60865 rudderstack-control-plane.cdp.prod.data.typeform.com — Cisco Umbrella Rank: 70595 rudderstack.cdp.prod.data.typeform.com — Cisco Umbrella Rank: 68469	576 KB
14	google.com sites.google.com — Cisco Umbrella Rank: 9827 apis.google.com — Cisco Umbrella Rank: 236 play.google.com — Cisco Umbrella Rank: 74	178 KB
12	gstatic.com www.gstatic.com fonts.gstatic.com	825 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	3 KB
1	rudderlabs.com cdn.rudderlabs.com — Cisco Umbrella Rank: 15130	133 KB
1	googleusercontent.com lh4.googleusercontent.com — Cisco Umbrella Rank: 1205	167 KB
48	6

	Domain	Requested by
9	www.gstatic.com	sites.google.com www.gstatic.com
7	apis.google.com	sites.google.com apis.google.com www.gstatic.com
6	psf51mc35ch.typeform.com	www.gstatic.com psf51mc35ch.typeform.com renderer-assets.typeform.com
5	renderer-assets.typeform.com	psf51mc35ch.typeform.com renderer-assets.typeform.com
4	rudderstack.cdp.prod.data.typeform.com	renderer-assets.typeform.com
4	play.google.com	www.gstatic.com
3	fonts.gstatic.com	fonts.googleapis.com
3	sites.google.com	www.gstatic.com
2	rudderstack-control-plane.cdp.prod.data.typeform.com	renderer-assets.typeform.com
2	fonts.googleapis.com	sites.google.com
1	cdn.rudderlabs.com	renderer-assets.typeform.com
1	images.typeform.com	psf51mc35ch.typeform.com
1	lh4.googleusercontent.com	sites.google.com
48	13

This site contains links to these domains. Also see Links.

Domain
www.google.com

Subject Issuer	Validity	Valid
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
typeform.com Cloudflare Inc ECC CA-3	`2022-06-27` - `2023-06-26`	a year	crt.sh
*.typeform.com Amazon RSA 2048 M01	`2023-02-24` - `2023-10-29`	8 months	crt.sh
*.rudderlabs.com Amazon RSA 2048 M02	`2023-02-21` - `2023-08-12`	6 months	crt.sh
cdp.prod.data.typeform.com Amazon RSA 2048 M02	`2023-02-23` - `2024-02-01`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall
Frame ID: 4E6A8C7062404B446218DC043E758EB0
Requests: 21 HTTP requests in this frame

Frame: https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.fi.RLCPd0pGqbI.O%2Fd%3D1%2Frs%3DAHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ%2Fm%3D__features__&r=130545491
Frame ID: 37DFFED7DD4D337AE623CA7B7DE6C62B
Requests: 6 HTTP requests in this frame

Frame: https://psf51mc35ch.typeform.com/to/lmpfrRij
Frame ID: 0EB8324C819A464F1FE56720A376E4B9
Requests: 1 HTTP requests in this frame

Frame: https://psf51mc35ch.typeform.com/to/lmpfrRij
Frame ID: 0C551B55B5B72AC0544D61E4B88E8AEA
Requests: 12 HTTP requests in this frame

Frame: https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
Frame ID: 56830ACCF6491DF5D510FDFFF7FDD21C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MlCROSOFT 0FFlCE 365 - MAlL

Detected technologies

Google Sites (CMS) Expand

Overall confidence: 100%
Detected patterns

^https?://sites\.google\.com

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Page Statistics

48
Requests

96 %
HTTPS

75 %
IPv6

6
Domains

13
Subdomains

13
IPs

3
Countries

1882 kB
Transfer

6220 kB
Size

6
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.google.com/policies/technologies/cookies/
Title: Lisätietoja

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request mlcrosoft-0fflce-365-mall Show response
sites.google.com/office-remittance.com/rty/ 63 KB
13 KB 380ms
241ms Document
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ee593c3c2c549b77750eaba0bd0fc134ef34c64209d9208f4b2030c226b7066c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-aI2pWLs2ziU0jpvPwcgcig' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-aI2pWLs2ziU0jpvPwcgcig' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
content-type: text/html; charset=utf-8
cross-origin-opener-policy: unsafe-none
date: Fri, 28 Apr 2023 19:33:07 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: ESF
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ 23 KB
1 KB 232ms
87ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

da4331fd642e6f5ab2fdb08f5041af6ed450f9177191ceedec6cf966753ab1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Apr 2023 19:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 17:37:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Apr 2023 19:33:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 215ms
70ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3Ai%2Cbi%2C700%2C400%7CRoboto%3Ai%2Cbi%2C700%2C400&display=swap

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

145607389b6d7d2f4e36c9c3fb075349cb3efa62dc0c067143e2faf3a5a5573c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Apr 2023 19:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 19:17:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Apr 2023 19:33:07 GMT

GET
H2 200 rs=AGEqA5n5BPWCeMGvuOyDHOfNlATIDU59zQ
www.gstatic.com/_/atari/_/ss/k=atari.vw.yCPfeKC3HvE.L.W.O/d=1/ 1 MB
146 KB 206ms
62ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/ss/k=atari.vw.yCPfeKC3HvE.L.W.O/d=1/rs=AGEqA5n5BPWCeMGvuOyDHOfNlATIDU59zQ

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6dcc27d19122c1cb2d5b2c30730878fbb9e38e140cc4b49f51b97c729b14477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 07:26:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 561983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148599
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Sun, 21 Apr 2024 07:26:44 GMT

GET
H2 200 client.js Show response
apis.google.com/js/ 17 KB
7 KB 205ms
70ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js?onload=gapiLoaded

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

132926ea1cff48d7d3e5cefb0781977411f44fee28355e095d594f939c6f4192

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Apr 2023 19:33:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6894
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "5f321c777a1d7773"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:33:07 GMT

GET
H2 200 m=view Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/ 562 KB
191 KB 347ms
244ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6dc0619efbce34ca74a27292a69083c2e4e9d8aee82f54ad6a176add21364e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:37:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280567
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 195337
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 13:37:00 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/ 315 KB
108 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=gapiLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e779992ace543f715102af0c31dd34d3b2f65bff0ba108d0a10cfef268ea32b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 18:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177852
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109921
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Apr 2024 18:08:55 GMT

GET
H2 200 _QUrIK7igddkvd8_0C0OuYGWIEAs8BKTZZgLq3aYzNNdVolam4OciZ-cc6Ro6F2aeqw_Wrfew01j2LMTZGv93ag=w16383
lh4.googleusercontent.com/ 167 KB
167 KB 408ms
251ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/_QUrIK7igddkvd8_0C0OuYGWIEAs8BKTZZgLq3aYzNNdVolam4OciZ-cc6Ro6F2aeqw_Wrfew01j2LMTZGv93ag=w16383

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fa62c98e730e29e0c76279345adf39d3b95ce0ffe1695b0936ecfef47b1a7481

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:33:08 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Untitled.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170945
x-xss-protection: 0
expires: Sat, 29 Apr 2023 19:33:08 GMT

GET
H2 200 intermediate-frame-minified.html Show response
www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/ Frame 37DF 2 KB
1 KB 62ms
61ms Document
text/html 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3704afefd25c94315efcbcb4513deedbd292002ec51691e6cffe69d2262d7927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 526123
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 922
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 17:24:24 GMT
expires: Sun, 21 Apr 2024 17:24:24 GMT
last-modified: Fri, 21 Apr 2023 04:27:30 GMT
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 191ms
61ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sites.google.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:06:17 GMT
x-content-type-options: nosniff
age: 62810
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Apr 2024 02:06:17 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v46/ 29 KB
29 KB 206ms
76ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sites.google.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 05:16:02 GMT
x-content-type-options: nosniff
age: 569825
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29728
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 05:16:02 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 280ms
150ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sites.google.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 21:03:36 GMT
x-content-type-options: nosniff
age: 512971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 21:03:36 GMT

GET
H2 200 m=sy1b,sy1c,sy1a,FoQBg Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/ 37 KB
12 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=sy1b,sy1c,sy1a,FoQBg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffe023a48b7217872ffa5a4ff3bf04c87a0d92d16bed9291f3c4271530260cbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:37:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12628
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 13:37:01 GMT

GET
H2 200 m=sy2l,TRvtze Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/ 850 B
556 B 62ms
62ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=sy2l,TRvtze

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72e714ac6da221b18f3ad8e3a31cb09fbcf9b5d2b2e873260f32259bb9a86d5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:37:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 491
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 13:37:01 GMT

GET
H2 200 m=MpJwZc,n73qwf,A4UTCb,qAKInc,sy15,TGYpv,sy11,X85Uvc,HIeYee,QxOCld,sy2m,abQiW,W26a5e,hJUyqe,sy13,sy18,sy14,sy16,sy17,fuVYe,syj,ruhlUe,KUM7Z,XDKZTc,sy12,qkPXAf,zPx2U,qEW1W,oNFsLb,sy3k,yxTchf,sy3l,sy... Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/ 1 MB
392 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=MpJwZc,n73qwf,A4UTCb,qAKInc,sy15,TGYpv,sy11,X85Uvc,HIeYee,QxOCld,sy2m,abQiW,W26a5e,hJUyqe,sy13,sy18,sy14,sy16,sy17,fuVYe,syj,ruhlUe,KUM7Z,XDKZTc,sy12,qkPXAf,zPx2U,qEW1W,oNFsLb,sy3k,yxTchf,sy3l,sy3m,xQtZb,yf2Bs,sy2,sy8,yyxWAc,qddgKe,sy2o,SM1lmd,sy6,sy5,syy,RRzQxe,zZvHmd,sy7,sya,syk,sy9,fNFZH,sy2n,sy1p,syl,RrXLpc,cgRV2c,sy10,sy1q,o1L5Wb,X4BaPc,syf,Md9ENb,sy1h,sy1i,sy1j,syn,syp,sy1e,sy1f,sy1g,sy1o,syo,syx,syz,KlrXId,NlqxW,sy1m,sy1n,sy1l,syb,sys,sy1k,sy1s,sy1v,sy1x,sy22,sy1t,sy21,sy29,sy1r,sy1u,sy1z,sy1w,sy20,sy23,sy27,sy28,sy2b,sy2c,sy1d,T807ad,sy1y,ZDEHrf,sy24,sy25,sy26,sy2a,oy3iwb,dBhIIb,syq,Yr1Pcb,LUQjOd,J9ssyb,SB123c,UubMM,YoEZUb,JKfHhb,DJtOxf,pA2mAb,gypOCd,X4FC5,kYfebb,XMtvld,rrOIJc,ZdZQ6b,Euz7Lc,sAbmxd,heobjb,R4KMEc,sy2d,sy2e,sy2f,sy2g,UYjpC,vVEdxc,sy3,VYKRW,sy19,CG0Qwb,RZ9OZ,N0NZx

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed497b824ce8c6ac463e58e90316201f74c64a75f8192d3facfc21d1ac798e58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:32:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 401488
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Sat, 27 Apr 2024 19:32:57 GMT

GET
H2 200 m=sy3b,IZT63,vfuNJf,sy35,sy39,sy3c,sy3p,sy3n,sy3o,siKnQd,sy33,sy3a,sy3e,YNjGDd,sy3d,sy3f,PrPYRd,iFQyKf,hc6Ubd,sy3q,SpsfSb,sy36,sy38,wR5FRb,pXdRYb,dIoSBb,zbML3c Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/ 27 KB
10 KB 117ms
117ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=sy3b,IZT63,vfuNJf,sy35,sy39,sy3c,sy3p,sy3n,sy3o,siKnQd,sy33,sy3a,sy3e,YNjGDd,sy3d,sy3f,PrPYRd,iFQyKf,hc6Ubd,sy3q,SpsfSb,sy36,sy38,wR5FRb,pXdRYb,dIoSBb,zbML3c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77c48854ef9d37c2db84d8c016f062be0a80e8602b63a08280b7d1687b9c35e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:37:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10126
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 13:37:01 GMT

GET
H2 200 m=m9oV,sy3g,NTMZac,rCcCxc,mzzZzc,RAnnUd,sy2p,sy2q,uu7UOe,nAFL3,sy2i,gJzDyc,sy2r,sy2s,soHxf,syv,syu,HYv29e,sy2t,uY3Nvd Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/ 33 KB
11 KB 98ms
98ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=0/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=m9oV,sy3g,NTMZac,rCcCxc,mzzZzc,RAnnUd,sy2p,sy2q,uu7UOe,nAFL3,sy2i,gJzDyc,sy2r,sy2s,soHxf,syv,syu,HYv29e,sy2t,uY3Nvd

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf6b57c10c4b08d69a742a47d5b9a5879382fa4c19c6289940ded9f16b3286b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:37:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 280566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10838
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 13:37:01 GMT

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 37DF 17 KB
7 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js?checkCookie=1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2759fa9c24c84cd076d3db6ae38c90cd0ad943bba3f50d85169add0e3accb3db

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Apr 2023 19:33:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6892
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "9b303ba4e0c7358b"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:33:07 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 198ms
67ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://sites.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://sites.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 28 Apr 2023 19:33:08 GMT
expires: Fri, 28 Apr 2023 19:33:08 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ 131 B
155 B 72ms
72ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/
X-Goog-AuthUser: 0
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 28 Apr 2023 19:33:08 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sites.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 28 Apr 2023 19:33:08 GMT

POST
H2 200 logImpressions Show response
sites.google.com/_/view/ 16 B
220 B 175ms
174ms XHR
application/json 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sites.google.com/_/view/logImpressions?authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d47b4a1cc0393424720bded5988a28f4e9146fd265ecb416b79cf0d6ac81f6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 19:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/ Frame 37DF 50 KB
18 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js?checkCookie=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f555d342efa826d76bf8ebe52dd730f6904561391b61e506b0d9c81e9f4ea45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 04:09:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 487399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18094
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 22 Apr 2024 04:09:49 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/ 261 B
202 B 62ms
61ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/cb=gapi.loaded_1?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=gapiLoaded

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e1690cbe8d2d7370b41ac224c11b7027cd4825a665f71cb1ed534fbcffa42da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 03:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 490694
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 175
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 22 Apr 2024 03:14:54 GMT

GET
H3 200 intermediate-frame-minified.html Show response
www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/ Frame 37DF 2 KB
947 B 70ms
70ms Document
text/html 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.fi.RLCPd0pGqbI.O%2Fd%3D1%2Frs%3DAHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ%2Fm%3D__features__&r=130545491

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3704afefd25c94315efcbcb4513deedbd292002ec51691e6cffe69d2262d7927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 922
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Apr 2023 19:33:08 GMT
expires: Sat, 27 Apr 2024 19:33:08 GMT
last-modified: Fri, 28 Apr 2023 14:24:18 GMT
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET lmpfrRij
psf51mc35ch.typeform.com/to/ Frame 0EB8 0
0

GET
H3 200 api.js Show response
apis.google.com/js/ Frame 37DF 17 KB
7 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js?checkCookie=1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.fi.RLCPd0pGqbI.O%2Fd%3D1%2Frs%3DAHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ%2Fm%3D__features__&r=130545491

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2759fa9c24c84cd076d3db6ae38c90cd0ad943bba3f50d85169add0e3accb3db

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Apr 2023 19:33:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6892
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "9b303ba4e0c7358b"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:33:08 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/ Frame 37DF 50 KB
18 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fi.RLCPd0pGqbI.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-iZi-cGWRxDzNQrzjYOJ_p3rSgfQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js?checkCookie=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f555d342efa826d76bf8ebe52dd730f6904561391b61e506b0d9c81e9f4ea45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 04:09:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 487399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18094
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 22 Apr 2024 04:09:49 GMT

GET
H2 200 lmpfrRij Show response
psf51mc35ch.typeform.com/to/ Frame 0C55 108 KB
35 KB 487ms
486ms Document
text/html 104.18.22.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/to/lmpfrRij

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / 7820-7.48.1

Resource Hash

546a4b22634857cf25888c9ae7aa0a116519ef78f14e2997a5c966c56c394d4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gstatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

access-control-allow-headers: X-Typeform-Key, Content-Type, Authorization, Typeform-Version, typeform-app
access-control-allow-methods: GET, OPTIONS, POST, PUT, PATCH, DELETE
access-control-expose-headers: Location, X-Request-Id
age: 27196
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7bf1bc37583b992c-ARN
content-encoding: gzip
content-security-policy-report-only: report-uri https://typeformforms.report-uri.com/r/t/csp/reportOnly; default-src 'self' https: data: blob: chrome-extension: moz-extension: safari-extension:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https:; worker-src 'self' blob:; manifest-src public-assets.typeform.com; form-action 'none'; frame-ancestors 'self' http://localhost:* capacitor: iconic: https:; base-uri 'self'; child-src wvjbscheme: https:; connect-src 'self' wss: https: chrome-extension: moz-extension: safari-extension:; style-src 'self' 'unsafe-inline' https:
content-type: text/html; charset=utf-8
date: Fri, 28 Apr 2023 19:33:08 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gjeb3LcYXXowflSZd1AgJQltNbeLutag5mSmEUI9A82JeIlmX6%2Bo2thIuqA2YdcsNmHrmBLgvhnwR%2BBcWFDawolisfBKPT4jl9CuI3aIgeX%2BiJxtPyLt4LRa67U2yvZzLGOCSPmiW0CKmg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
x-cache-lookup: HIT
x-envoy-upstream-service-time: 0
x-powered-by: 7820-7.48.1
x-varnish: 9222194 990421

GET
H2 200 rPiZe7XpjxpF
images.typeform.com/images/ Frame 0C55 2 KB
3 KB 212ms
62ms Image
image/png 2600:9000:223f:3600:8:2495:5540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.typeform.com/images/rPiZe7XpjxpF

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:3600:8:2495:5540:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e383b6bc4a168320f6866b83e178fe7bc94612fb6ff925d2ca01c8880b475c68

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 10:49:30 GMT
content-security-policy: script-src 'self'
via: 1.1 fd3cce3e0bafd8b312277d0ad9f4762e.cloudfront.net (CloudFront), 1.1 0c39e892d8c809025c8f47425847f680.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2, FRA56-P5
age: 31419
x-amzn-requestid: 279844fe-73d0-456e-9c2a-879284737fc9
x-amzn-trace-id: Root=1-644ba4ba-3eabb9b33a7903195e38a93e;Sampled=0;lineage=1e19b125:0
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1296000
x-amz-apigw-id: EFatHEproAMFYGw=
content-length: 2486
x-amz-cf-id: AyvBjX_8UVI3JvhMAcN2tjg3jcpG5yakmJJ_9wLbciNr77SwMH5nAw==

GET
H2 200 modern-renderer.6b1a38da991ee5c144be.js Show response
renderer-assets.typeform.com/ Frame 0C55 787 KB
231 KB 188ms
71ms Script
application/x-javascript 2600:9000:214f:5e00:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Requested by: Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:5e00:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f86e9d891b3a08409094557c6011d1c514eca236292f8fb491a92f3d03b175cc

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
Origin: https://psf51mc35ch.typeform.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: A9mF2FHFx9rXBfGL1ApOCsmpF2sSpwQQ
content-encoding: gzip
via: 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
date: Fri, 28 Apr 2023 07:33:15 GMT
x-amz-cf-pop: FRA53-C1
age: 43195
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"2c0fb83f49a948e1eb5c9daa016e7a8c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: max-age=2419200
x-amz-cf-id: qtzQdN_CWjaQx2Vkq75VcZkUj3OsqBPx48xza0BA6I9Qd9Jwbx49IA==

GET
H3

200

invisible.js Show response
psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/ Frame 5683
Redirect Chain

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

22 KB
12 KB

43ms
43ms

Script
application/javascript

104.18.22.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Protocol

Server

104.18.22.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d13282c9c59bd898d884b6b9dab80c85a8fa8866c499a66c57e988034f432a1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1r6dXgqnO2AAHeW8QUJLm1nKl5pB%2BB28Famk4Ta0E6QVkWx9qjWN24TJ6COSx7ivO0eLUxtQGQEIIHhp8AhPbdahgSMcgC2VhrkICW1l2D%2BxPbni7XYGUxnRjoxT5GDETxPLOKg1PEn%2F2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7bf1bc3b8f7a09a5-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Fri, 28 Apr 2023 19:33:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jm9ggxJV4LQFCdef2m7xyxBtRp92jdORAR2CWXqifiHbz9Dyq5vZdKw%2F5nPPsQvzE3W9iQp%2Bxe89GtUiqMaBL96GKSPT5lEeMDnAYHRt%2B5ldVZIwl2crZ%2FjMeNXZJ9E1iKBeHturJLS3sg%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7bf1bc3b3e14992c-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 5683 6 KB
4 KB 43ms
43ms Other
application/javascript 104.18.22.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.22.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4d21d417ef9e6ad0f242c874fd0d640d3a05d7827867c25f1ec628307ec2923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BkEuxveMwCYxomyUEeKUa3Vx5wMszxisuX3LkuB51UOOls6MNokZivf3Fy8%2FjMJ0kqSQDb%2Bex1VAIXTogAKot1sInA37cXtqnIWhlyEEfjS2KmB3nMlHa%2B91%2FEAsJdAoqZvnhwTNPqCujQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7bf1bc3c182b09a5-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 7bf1bc37583b992c Show response
psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 5683 2 B
719 B 67ms
67ms XHR
text/plain 104.18.22.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/cv/result/7bf1bc37583b992c

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/scripts/invisible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.22.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 Apr 2023 19:33:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ccgqoZELvJW902asr0wJTdRp2tHKG4P572kKg95Ko3iDacTNdNDlGafZgnVJjigxII%2FjvwzGoseZyAuhEgJPXcYcrdFS8s25j0JD1g8fr2vDHBMrCW8BfqP9pesReLakbfsrIlL1%2Bqa5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7bf1bc3dca9309a5-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 vendors~form~blocks-validation-phone_number~blocks-renderer-contact_info~blocks-renderer-phone_number.0c35a1c1193305df993f.renderer.js Show response
renderer-assets.typeform.com/ Frame 0C55 107 KB
28 KB 130ms
66ms Script
application/x-javascript 2600:9000:214f:5e00:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/vendors~form~blocks-validation-phone_number~blocks-renderer-contact_info~blocks-renderer-phone_number.0c35a1c1193305df993f.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:214f:5e00:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c683a0b24c9732c0eaa4f0e9552d815dde7e4e5eea1270da99e81dd703c950dc

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: 6V49CDIjgFyA6EtHPr0MxoFqi5rDDtzh
content-encoding: gzip
via: 1.1 d16428714e022976873ccc980fdc1288.cloudfront.net (CloudFront)
date: Fri, 28 Apr 2023 05:09:28 GMT
age: 51823
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"84ed4a4c21dda7b34914967639b12068"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: nhQ6FmeKzA8fuNQYdnOTS3DDzVWihFxh09dNUsmUs89iQdtsPquexQ==

GET
H3 200 vendors~form.ea948ae7d71201d2d4ac.renderer.js Show response
renderer-assets.typeform.com/ Frame 0C55 613 KB
187 KB 124ms
61ms Script
application/x-javascript 2600:9000:214f:5e00:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:214f:5e00:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6480150687761955065dbf8f3b8f168864b24cc0614720e4e56b51dea38d0d71

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: AS_n6EUkTomJGUFh4oZtzOfANrhl8ind
content-encoding: gzip
via: 1.1 d16428714e022976873ccc980fdc1288.cloudfront.net (CloudFront)
date: Fri, 28 Apr 2023 13:32:23 GMT
age: 21648
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 12:51:11 GMT
server: AmazonS3
etag: W/"2c2ae924ef93aee0964596b8c99dd2d2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: w09PPbGGP95n53ot0YqMqGmIkM_twFoL73v2hmZkiknnCBUCMbDRfA==

GET
H3 200 form.1868976771794d8f2d98.renderer.js Show response
renderer-assets.typeform.com/ Frame 0C55 245 KB
70 KB 124ms
62ms Script
application/x-javascript 2600:9000:214f:5e00:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/form.1868976771794d8f2d98.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:214f:5e00:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63b03e4533c8c23547e03e6e0fb49e2de2bf597fb03750b9f094c6a758c3dd9f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: XXv8YtHZ9tLHGOecIv2RIDKO0lE8qM8B
content-encoding: gzip
via: 1.1 d16428714e022976873ccc980fdc1288.cloudfront.net (CloudFront)
date: Fri, 28 Apr 2023 07:33:17 GMT
age: 43193
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"3940ace8c3d2bdaa948da1ed541b4b88"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: v8VT26f6DWd3qlz6Xe24lbEjy4rqKUCuT9QPfo9GN_4vwd-kJFJEAQ==

GET
H3 200 blocks-renderer-short_text.2f5d9a5943cb113d6b9d.renderer.js Show response
renderer-assets.typeform.com/ Frame 0C55 8 KB
3 KB 64ms
64ms Script
application/x-javascript 2600:9000:214f:5e00:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/blocks-renderer-short_text.2f5d9a5943cb113d6b9d.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:214f:5e00:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e19b426c5b1da8d92adaa1464433944c8241496e194d8a099358e6bd3d52ed5a

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: tO1xYhpUMI7o6B_2CR92pD.AtLUZPP9G
content-encoding: gzip
via: 1.1 d16428714e022976873ccc980fdc1288.cloudfront.net (CloudFront)
date: Fri, 28 Apr 2023 06:15:26 GMT
age: 47863
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"8f1538b8c89fc276459abebc43ec692a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: jFD0dSqS0gigW5IDWqW0ey8i74hOSO6Qp30TTQeM8IExgwz7iXIAEQ==

POST
H3 200 view-form-open Show response
psf51mc35ch.typeform.com/forms/lmpfrRij/insights/events/v3/ Frame 0C55 2 B
1 KB 472ms
472ms Fetch
application/json 104.18.22.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/forms/lmpfrRij/insights/events/v3/view-form-open

Requested by

Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.22.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 28 Apr 2023 19:33:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-backend: papi
x-release: 4829204443
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
x-build-date: 2023-04-28T11:35:20+02:00
server: cloudflare
access-control-allow-methods: GET, OPTIONS, POST, PUT, PATCH, DELETE
content-type: application/json
access-control-allow-origin: https://psf51mc35ch.typeform.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jdPGqhgMczL8%2BBFj3T6ozfhSiDy5JfDXJTfI%2Fa1hnQ1%2B%2Fd6zPx3Mpd%2FchqyT0NzcPAwkfK5YGyJRs7hLtt%2FA8%2B5gUYjCO9%2FU65N5Kr9FJ2MfMei5%2BDrwfT%2FBnWDm21FfRYyTt9nde57dA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Location, X-Request-Id
x-service: insights-3.0
x-commit-sha: 1cef1c02e0ed160c51838b090356729c039af901
cf-ray: 7bf1bc42285b09a5-ARN
access-control-allow-headers: X-Typeform-Key, Content-Type, Authorization, Typeform-Version, typeform-app

GET
H2 200 rudder-analytics.min.js Show response
cdn.rudderlabs.com/v1/ Frame 0C55 464 KB
133 KB 179ms
59ms Script
text/javascript 2600:9000:214f:9000:16:a497:9700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rudderlabs.com/v1/rudder-analytics.min.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:9000:16:a497:9700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d70e2a9892066b77dd06a7ac3516bf647381306c606f702488780a64eb0cb56e

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 18:33:56 GMT
content-encoding: gzip
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
last-modified: Mon, 24 Apr 2023 10:29:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 3555
x-amz-server-side-encryption: AES256
etag: W/"9fd2ef50255e80485643ece553a7ede4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: PTQxkQ-TanNObuXDvm5q6t7nBNArXUpqV_IOVbVqqv2_fikHaO2BKw==

OPTIONS
H2 200 /
rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/ Frame 0
0 409ms
139ms Preflight
text/plain 34.236.90.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/?p=cdn&v=1.31.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.90.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-236-90-28.compute-1.amazonaws.com
Software: uvicorn /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://psf51mc35ch.typeform.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://psf51mc35ch.typeform.com
access-control-max-age: 600
content-length: 2
content-type: text/plain; charset=utf-8
date: Fri, 28 Apr 2023 19:33:10 GMT
server: uvicorn
vary: Origin

GET
H2 200 / Show response
rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/ Frame 0C55 610 B
744 B 135ms
135ms XHR
application/json 34.236.90.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/?p=cdn&v=1.31.0
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.90.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-236-90-28.compute-1.amazonaws.com
Software: uvicorn /
Resource Hash: 1e1bfbb50209ae8693353623fab7eeeef5ae1c0ca5d128a40c3be54099e59028

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: fi-FI,fi;q=0.9
Authorization: Basic MjJLTUZoSEpiY3pnR1cwZ0pWM1NCcnpCbE5lOg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 Apr 2023 19:33:10 GMT
access-control-allow-credentials: true
server: uvicorn
content-length: 610
content-type: application/json

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 68ms
68ms Preflight
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://sites.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://sites.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 28 Apr 2023 19:33:10 GMT
expires: Fri, 28 Apr 2023 19:33:10 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ 131 B
152 B 74ms
73ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/
X-Goog-AuthUser: 0
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 28 Apr 2023 19:33:11 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sites.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H3 200 logImpressions Show response
sites.google.com/_/view/ 16 B
64 B 185ms
185ms XHR
application/json 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sites.google.com/_/view/logImpressions?authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.fi.ilNXmTUPLp0.O/d=1/rs=AGEqA5mdYj_m1GhDdYnOLxrKOMplSyZA7A/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d47b4a1cc0393424720bded5988a28f4e9146fd265ecb416b79cf0d6ac81f6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/office-remittance.com/rty/mlcrosoft-0fflce-365-mall
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 19:33:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 track
rudderstack.cdp.prod.data.typeform.com/v1/ Frame 0
0 419ms
136ms Preflight 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymousid,authorization,content-type
Access-Control-Request-Method: POST
Origin: https://psf51mc35ch.typeform.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Anonymousid, Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://psf51mc35ch.typeform.com
access-control-max-age: 900
content-length: 0
date: Fri, 28 Apr 2023 19:33:11 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 track Show response
rudderstack.cdp.prod.data.typeform.com/v1/ Frame 0C55 2 B
162 B 153ms
152ms XHR
text/plain 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: fi-FI,fi;q=0.9
Authorization: Basic MjJLTUZoSEpiY3pnR1cwZ0pWM1NCcnpCbE5lOg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
AnonymousId: N2QwOTg2MDctOGQzMi00YTJmLTg5ZGYtMWQ5OTgzNTJiZGIy
Content-Type: application/json

Response headers

access-control-allow-origin: https://psf51mc35ch.typeform.com
date: Fri, 28 Apr 2023 19:33:11 GMT
access-control-allow-credentials: true
content-length: 2
vary: Origin
content-type: text/plain; charset=utf-8

POST
H2 200 track Show response
rudderstack.cdp.prod.data.typeform.com/v1/ Frame 0C55 2 B
162 B 146ms
145ms XHR
text/plain 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: fi-FI,fi;q=0.9
Authorization: Basic MjJLTUZoSEpiY3pnR1cwZ0pWM1NCcnpCbE5lOg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
AnonymousId: N2QwOTg2MDctOGQzMi00YTJmLTg5ZGYtMWQ5OTgzNTJiZGIy
Content-Type: application/json

Response headers

access-control-allow-origin: https://psf51mc35ch.typeform.com
date: Fri, 28 Apr 2023 19:33:12 GMT
access-control-allow-credentials: true
content-length: 2
vary: Origin
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 track
rudderstack.cdp.prod.data.typeform.com/v1/ Frame 0
0 137ms
136ms Preflight 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymousid,authorization,content-type
Access-Control-Request-Method: POST
Origin: https://psf51mc35ch.typeform.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Anonymousid, Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://psf51mc35ch.typeform.com
access-control-max-age: 900
content-length: 0
date: Fri, 28 Apr 2023 19:33:12 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-20 15:48:41	Name: NID Value: 511=DsAtlddAwJsHC_UBxER6Tp0bc2yfjerpSD30XzxP6o8M7MPCTXB7KNOh2uUSmZZpGxyo7tHgsbQ_LjVXz7GVCVDYFOo5C5X-PpLP_N12KVQrVwoKyCU_51yI_04DuI3n8se7D6roOENXEyBfgAEWVoHaXnl_oIbU3I6yKD7QrP4
.google.com/	1970-01-20 21:01:10	Name: CONSENT Value: PENDING+030
.typeform.com/	1970-01-20 11:25:12	Name: __cf_bm Value: bJkEFhYfWAVeZm_b0L0Alu2Dpq5aM3pIkJLK7IzTFrA-1682710389-0-ATvNA2Z9Hb+Si8kUgBV0TgPA6sDu5SQ/k2l53Q7LyQOXT788FSSQgnXSMIL4dftdU7lbrdpHnZcSXqLH2+DcUaniXktTILCttZUwLEabmxhZ9kA/9EyXvcrqfg+Efzo6ozTEtb3IprXvAXFM7/USBxA=
.typeform.com/	1970-01-20 15:48:41	Name: tf_respondent_cc Value: {%22groups%22:[%222%22]%2C%22timestamp%22:%222023-04-28T19:33:09.893Z%22%2C%22implicitConsent%22:true}
.typeform.com/	1970-01-20 20:10:46	Name: attribution_user_id Value: 52b46d86-e2e0-400f-9cc9-8fe2968fea1f
psf51mc35ch.typeform.com/	1970-01-20 11:35:15	Name: AWSALBTGCORS Value: JFOKPs2dKwb0WDnnUW2zNsl1ZNRGW1orSYCpSyzSaAM232qcob6KbVRrPDJdHJlXap9k4KG6CX7ti5Jfd17tYoOoUpqPRzUwzOTfRu6SerPPU1zvYryZYc//Na7QxixSf2+jkY25Hcd4yMmLrir3sMVN3XLcqHYU9yBnZAhqwqoZ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-aI2pWLs2ziU0jpvPwcgcig' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apis.google.com
cdn.rudderlabs.com
fonts.googleapis.com
fonts.gstatic.com
images.typeform.com
lh4.googleusercontent.com
play.google.com
psf51mc35ch.typeform.com
renderer-assets.typeform.com
rudderstack-control-plane.cdp.prod.data.typeform.com
rudderstack.cdp.prod.data.typeform.com
sites.google.com
www.gstatic.com
psf51mc35ch.typeform.com
104.18.22.9
2600:9000:214f:5e00:4:f6ce:61c0:93a1
2600:9000:214f:9000:16:a497:9700:93a1
2600:9000:223f:3600:8:2495:5540:93a1
2a00:1450:4001:813::2001
2a00:1450:4001:829::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200e
34.236.90.28
54.225.127.151
0f555d342efa826d76bf8ebe52dd730f6904561391b61e506b0d9c81e9f4ea45
132926ea1cff48d7d3e5cefb0781977411f44fee28355e095d594f939c6f4192
145607389b6d7d2f4e36c9c3fb075349cb3efa62dc0c067143e2faf3a5a5573c
1e1bfbb50209ae8693353623fab7eeeef5ae1c0ca5d128a40c3be54099e59028
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2759fa9c24c84cd076d3db6ae38c90cd0ad943bba3f50d85169add0e3accb3db
3704afefd25c94315efcbcb4513deedbd292002ec51691e6cffe69d2262d7927
3e1690cbe8d2d7370b41ac224c11b7027cd4825a665f71cb1ed534fbcffa42da
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
546a4b22634857cf25888c9ae7aa0a116519ef78f14e2997a5c966c56c394d4a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
63b03e4533c8c23547e03e6e0fb49e2de2bf597fb03750b9f094c6a758c3dd9f
6480150687761955065dbf8f3b8f168864b24cc0614720e4e56b51dea38d0d71
72e714ac6da221b18f3ad8e3a31cb09fbcf9b5d2b2e873260f32259bb9a86d5e
77c48854ef9d37c2db84d8c016f062be0a80e8602b63a08280b7d1687b9c35e9
8d47b4a1cc0393424720bded5988a28f4e9146fd265ecb416b79cf0d6ac81f6d
a6dc0619efbce34ca74a27292a69083c2e4e9d8aee82f54ad6a176add21364e9
abf6b57c10c4b08d69a742a47d5b9a5879382fa4c19c6289940ded9f16b3286b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b4d21d417ef9e6ad0f242c874fd0d640d3a05d7827867c25f1ec628307ec2923
c683a0b24c9732c0eaa4f0e9552d815dde7e4e5eea1270da99e81dd703c950dc
c6dcc27d19122c1cb2d5b2c30730878fbb9e38e140cc4b49f51b97c729b14477
d13282c9c59bd898d884b6b9dab80c85a8fa8866c499a66c57e988034f432a1c
d70e2a9892066b77dd06a7ac3516bf647381306c606f702488780a64eb0cb56e
da4331fd642e6f5ab2fdb08f5041af6ed450f9177191ceedec6cf966753ab1bd
e19b426c5b1da8d92adaa1464433944c8241496e194d8a099358e6bd3d52ed5a
e383b6bc4a168320f6866b83e178fe7bc94612fb6ff925d2ca01c8880b475c68
e779992ace543f715102af0c31dd34d3b2f65bff0ba108d0a10cfef268ea32b1
ed497b824ce8c6ac463e58e90316201f74c64a75f8192d3facfc21d1ac798e58
ee593c3c2c549b77750eaba0bd0fc134ef34c64209d9208f4b2030c226b7066c
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f86e9d891b3a08409094557c6011d1c514eca236292f8fb491a92f3d03b175cc
fa62c98e730e29e0c76279345adf39d3b95ce0ffe1695b0936ecfef47b1a7481
ffe023a48b7217872ffa5a4ff3bf04c87a0d92d16bed9291f3c4271530260cbe

sites.google.com Open in urlscan Pro 2a00:1450:4001:82f::200e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

48 Requests

96 %HTTPS

75 %IPv6

6 Domains

13 Subdomains

13 IPs

3 Countries

1882 kBTransfer

6220 kBSize

6 Cookies

1 Outgoing links

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sites.google.com Open in urlscan Pro
2a00:1450:4001:82f::200e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

96 %
HTTPS

75 %
IPv6

6
Domains

13
Subdomains

13
IPs

3
Countries

1882 kB
Transfer

6220 kB
Size

6
Cookies

48 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!