sites.google.com Open in urlscan Pro
2607:f8b0:4020:804::200e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sites.google.com/office-remittance.com/hgb?usp=sharing
Submission: On April 28 via api (April 28th 2023, 3:09:32 pm UTC) from US — Scanned from US

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 6 domains to perform 43 HTTP transactions. The main IP is 2607:f8b0:4020:804::200e, located in Montreal, Canada and belongs to GOOGLE, US. The main domain is sites.google.com. The Cisco Umbrella rank of the primary domain is 9827.
TLS certificate: Issued by GTS CA 1C3 on April 3rd 2023. Valid for: 3 months.

This is the only time sites.google.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
10	2607:f8b0:402... 2607:f8b0:4020:804::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:402... 2607:f8b0:4020:805::200a	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:402... 2607:f8b0:4020:807::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4020:806::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:808::2003	15169 (GOOGLE) (GOOGLE)
1 6	104.18.23.9 104.18.23.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:23c... 2600:9000:23ca:5600:8:2495:5540:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:21d... 2600:9000:21dd:3600:4:f6ce:61c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:202... 2600:9000:202c:e800:16:a497:9700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.236.90.28 34.236.90.28	14618 (AMAZON-AES) (AMAZON-AES)
4	54.225.127.151 54.225.127.151	14618 (AMAZON-AES) (AMAZON-AES)
43	12

10 2607:f8b0:4020:804::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)

sites.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4020:805::200a (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4020:807::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:806::2001 (Montreal, Canada)

ASN15169 (GOOGLE, US)

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::2003 (New York, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.23.9 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

psf51mc35ch.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23ca:5600:8:2495:5540:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21dd:3600:4:f6ce:61c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

renderer-assets.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:202c:e800:16:a497:9700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.rudderlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.236.90.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-90-28.compute-1.amazonaws.com

rudderstack-control-plane.cdp.prod.data.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.225.127.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-127-151.compute-1.amazonaws.com

rudderstack.cdp.prod.data.typeform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	typeform.com psf51mc35ch.typeform.com Failed images.typeform.com — Cisco Umbrella Rank: 68341 renderer-assets.typeform.com — Cisco Umbrella Rank: 60865 rudderstack-control-plane.cdp.prod.data.typeform.com — Cisco Umbrella Rank: 70595 rudderstack.cdp.prod.data.typeform.com — Cisco Umbrella Rank: 68469	578 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	805 KB
10	google.com sites.google.com — Cisco Umbrella Rank: 9827 apis.google.com — Cisco Umbrella Rank: 236	177 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	3 KB
1	rudderlabs.com cdn.rudderlabs.com — Cisco Umbrella Rank: 15130	133 KB
1	googleusercontent.com lh6.googleusercontent.com — Cisco Umbrella Rank: 1213	167 KB
43	6

	Domain	Requested by
9	www.gstatic.com	sites.google.com www.gstatic.com
7	apis.google.com	sites.google.com apis.google.com www.gstatic.com
6	psf51mc35ch.typeform.com	www.gstatic.com psf51mc35ch.typeform.com renderer-assets.typeform.com
5	renderer-assets.typeform.com	psf51mc35ch.typeform.com renderer-assets.typeform.com
4	rudderstack.cdp.prod.data.typeform.com	renderer-assets.typeform.com
3	sites.google.com	www.gstatic.com
2	rudderstack-control-plane.cdp.prod.data.typeform.com	renderer-assets.typeform.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	sites.google.com
1	cdn.rudderlabs.com	renderer-assets.typeform.com
1	images.typeform.com	psf51mc35ch.typeform.com
1	lh6.googleusercontent.com	sites.google.com
43	12

This site contains no links.

Subject Issuer	Validity	Valid
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
typeform.com Cloudflare Inc ECC CA-3	`2022-06-27` - `2023-06-26`	a year	crt.sh
*.typeform.com Amazon RSA 2048 M01	`2023-02-24` - `2023-10-29`	8 months	crt.sh
*.rudderlabs.com Amazon RSA 2048 M02	`2023-02-21` - `2023-08-12`	6 months	crt.sh
cdp.prod.data.typeform.com Amazon RSA 2048 M02	`2023-02-23` - `2024-02-01`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://sites.google.com/office-remittance.com/hgb?usp=sharing
Frame ID: 957A716C3D5BCD84FCB724483BFCA0A4
Requests: 18 HTTP requests in this frame

Frame: https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.yTSbWrSe458.O%2Fd%3D1%2Frs%3DAHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q%2Fm%3D__features__&r=911873636
Frame ID: CB5DF1E88E4C80CEA48942F8CCC8E96A
Requests: 6 HTTP requests in this frame

Frame: https://psf51mc35ch.typeform.com/to/lmpfrRij
Frame ID: AB9892ED6F87E78D520AF632B343C1AA
Requests: 1 HTTP requests in this frame

Frame: https://psf51mc35ch.typeform.com/to/lmpfrRij
Frame ID: D115CFE8E838A42BD6F6532AC3A1BA17
Requests: 12 HTTP requests in this frame

Frame: https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
Frame ID: 04587BA079BE150F9F4D39F91C383F74
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MlCROSOFT 0FFlCE 365 - MAlL

Detected technologies

Google Sites (CMS) Expand

Overall confidence: 100%
Detected patterns

^https?://sites\.google\.com

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Page Statistics

43
Requests

95 %
HTTPS

73 %
IPv6

6
Domains

12
Subdomains

12
IPs

3
Countries

1863 kB
Transfer

6194 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hgb Show response
sites.google.com/office-remittance.com/ 62 KB
12 KB 284ms
106ms Document
text/html 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

79565b76118c015de001c3333f8dc9319ec6c601e18fa43965dadce214438a72

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-LrrLBUPeNRd58g0akqOwwQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-LrrLBUPeNRd58g0akqOwwQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
content-type: text/html; charset=utf-8
cross-origin-opener-policy: unsafe-none
date: Fri, 28 Apr 2023 15:09:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: ESF
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ 23 KB
2 KB 136ms
38ms Stylesheet
text/css 2607:f8b0:4020:805::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

da4331fd642e6f5ab2fdb08f5041af6ed450f9177191ceedec6cf966753ab1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Apr 2023 15:09:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 13:39:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Apr 2023 15:09:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 138ms
41ms Stylesheet
text/css 2607:f8b0:4020:805::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3Ai%2Cbi%2C700%2C400%7CRoboto%3Ai%2Cbi%2C700%2C400&display=swap

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

145607389b6d7d2f4e36c9c3fb075349cb3efa62dc0c067143e2faf3a5a5573c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Apr 2023 15:09:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 14:15:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Apr 2023 15:09:20 GMT

GET
H2 200 rs=AGEqA5n5BPWCeMGvuOyDHOfNlATIDU59zQ
www.gstatic.com/_/atari/_/ss/k=atari.vw.yCPfeKC3HvE.L.W.O/d=1/ 1 MB
146 KB 113ms
16ms Stylesheet
text/css 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/ss/k=atari.vw.yCPfeKC3HvE.L.W.O/d=1/rs=AGEqA5n5BPWCeMGvuOyDHOfNlATIDU59zQ

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6dcc27d19122c1cb2d5b2c30730878fbb9e38e140cc4b49f51b97c729b14477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 12:41:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 527278
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148599
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Sun, 21 Apr 2024 12:41:22 GMT

GET
H2 200 client.js Show response
apis.google.com/js/ 17 KB
7 KB 66ms
42ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js?onload=gapiLoaded

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9377b21ec3ae255d4a94095b52c670b0716d74a8e7a639b78957b9872d6ef244

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Apr 2023 15:09:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "ab984824646288be"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Apr 2023 15:09:20 GMT

GET
H2 200 m=view Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/ 559 KB
190 KB 150ms
53ms Script
text/javascript 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

914fc1448fd890ce1d7feb66b5c7f29ab637ca1f55d9b7c1b5a2954eb404056b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 18:52:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 194510
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Tue, 23 Apr 2024 18:52:45 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/ 315 KB
108 KB 17ms
16ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=gapiLoaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bedc118ad4b8018e96dd64b927d0eb07ac64e56968548efd33705c1dddeafb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 07:45:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 545027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109934
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Apr 2024 07:45:33 GMT

GET
H2 200 VGtYrTTmx8iVKHwUdBE_2dbIi7TkbChTKRrCLmmI2OVh--f5xAMucfX1lXJnnpm0kpqdlJ_PzZlblxicQyqqxsQ=w16383
lh6.googleusercontent.com/ 167 KB
167 KB 214ms
129ms Image
image/jpeg 2607:f8b0:4020:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/VGtYrTTmx8iVKHwUdBE_2dbIi7TkbChTKRrCLmmI2OVh--f5xAMucfX1lXJnnpm0kpqdlJ_PzZlblxicQyqqxsQ=w16383

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fa62c98e730e29e0c76279345adf39d3b95ce0ffe1695b0936ecfef47b1a7481

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 15:09:20 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Untitled.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170945
x-xss-protection: 0
expires: Sat, 29 Apr 2023 15:09:20 GMT

GET
H2 200 intermediate-frame-minified.html Show response
www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/ Frame CB5D 2 KB
1 KB 16ms
13ms Document
text/html 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html

Requested by

Host: sites.google.com
URL: https://sites.google.com/office-remittance.com/hgb?usp=sharing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3704afefd25c94315efcbcb4513deedbd292002ec51691e6cffe69d2262d7927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 509546
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 922
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Apr 2023 17:36:54 GMT
expires: Sun, 21 Apr 2024 17:36:54 GMT
last-modified: Fri, 21 Apr 2023 12:21:23 GMT
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 48ms
9ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sites.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 12:13:29 GMT
x-content-type-options: nosniff
age: 528951
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 12:13:29 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v46/ 29 KB
29 KB 50ms
11ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sites.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 07:33:17 GMT
x-content-type-options: nosniff
age: 545763
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29728
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 07:33:17 GMT

GET
H3 200 m=sy1b,sy1c,sy1a,FoQBg Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/ 37 KB
12 KB 43ms
21ms Script
text/javascript 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=sy1b,sy1c,sy1a,FoQBg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1374ed0999e594ca05e62750f619f749dea6ae9d1157dd9e9d7d7736524ad964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 18:52:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12641
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Tue, 23 Apr 2024 18:52:45 GMT

GET
H3 200 m=sy2l,TRvtze Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/ 850 B
517 B 43ms
21ms Script
text/javascript 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=sy2l,TRvtze

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4e1877e0b075dab24321e78f13452df0c7b9047f0d7e3b3e8e564c50da10b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 18:52:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 491
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Tue, 23 Apr 2024 18:52:45 GMT

GET
H3 200 m=MpJwZc,n73qwf,A4UTCb,qAKInc,sy15,TGYpv,sy11,X85Uvc,syz,YXyON,sy2m,abQiW,W26a5e,hJUyqe,sy13,sy18,sy14,sy16,sy17,fuVYe,KUM7Z,XDKZTc,sy12,qkPXAf,qEW1W,oNFsLb,sy3k,yxTchf,sy3l,sy3m,xQtZb,yf2Bs,sy2,sy... Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/ 1 MB
389 KB 42ms
37ms Script
text/javascript 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=MpJwZc,n73qwf,A4UTCb,qAKInc,sy15,TGYpv,sy11,X85Uvc,syz,YXyON,sy2m,abQiW,W26a5e,hJUyqe,sy13,sy18,sy14,sy16,sy17,fuVYe,KUM7Z,XDKZTc,sy12,qkPXAf,qEW1W,oNFsLb,sy3k,yxTchf,sy3l,sy3m,xQtZb,yf2Bs,sy2,sy8,yyxWAc,qddgKe,sy2o,SM1lmd,sy6,sy5,syy,RRzQxe,zZvHmd,sy10,YV8yqd,sy7,sya,syk,sy9,fNFZH,sy2n,sy1p,syl,RrXLpc,cgRV2c,sy1q,o1L5Wb,X4BaPc,syf,Md9ENb,sy1h,sy1i,sy1j,syn,syp,sy1e,sy1f,sy1g,sy1o,syo,syx,KlrXId,NlqxW,sy1m,sy1n,sy1l,syb,sys,sy1k,sy1s,sy1v,sy1x,sy22,sy1t,sy21,sy29,sy1r,sy1u,sy1z,sy1w,sy20,sy23,sy27,sy28,sy2b,sy2c,sy1d,T807ad,sy1y,ZDEHrf,sy24,sy25,sy26,sy2a,oy3iwb,dBhIIb,syq,Yr1Pcb,LUQjOd,J9ssyb,SB123c,UubMM,YoEZUb,JKfHhb,DJtOxf,pA2mAb,gypOCd,X4FC5,kYfebb,XMtvld,rrOIJc,ZdZQ6b,Euz7Lc,sAbmxd,heobjb,R4KMEc,sy2d,sy2e,sy2f,sy2g,UYjpC,vVEdxc,sy3,VYKRW,sy19,CG0Qwb,RZ9OZ,N0NZx

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72cea6d0dfd1c92650fc29719a500b05c8f7b997e811b9bfe67af63348f46b17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 13:53:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 263724
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 397994
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 13:53:56 GMT

GET
H3 200 m=sy3b,IZT63,vfuNJf,sy35,sy39,sy3c,sy3p,sy3n,sy3o,siKnQd,sy33,sy3a,sy3e,YNjGDd,sy3d,sy3f,PrPYRd,iFQyKf,hc6Ubd,sy3q,SpsfSb,sy36,sy38,wR5FRb,pXdRYb,dIoSBb,zbML3c Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/ 27 KB
10 KB 52ms
27ms Script
text/javascript 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=sy3b,IZT63,vfuNJf,sy35,sy39,sy3c,sy3p,sy3n,sy3o,siKnQd,sy33,sy3a,sy3e,YNjGDd,sy3d,sy3f,PrPYRd,iFQyKf,hc6Ubd,sy3q,SpsfSb,sy36,sy38,wR5FRb,pXdRYb,dIoSBb,zbML3c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0b5c7fb93860c848ff1e1bdaaeb5fe3536cfb40ea8073791ed6954526d21bfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 18:52:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10129
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Tue, 23 Apr 2024 18:52:45 GMT

GET
H3 200 m=m9oV,sy3g,NTMZac,rCcCxc,mzzZzc,RAnnUd,sy2p,sy2q,uu7UOe,nAFL3,sy2i,gJzDyc,sy2r,sy2s,soHxf,syv,syu,HYv29e,sy2t,uY3Nvd Show response
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/ 33 KB
11 KB 19ms
19ms Script
text/javascript 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=0/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=m9oV,sy3g,NTMZac,rCcCxc,mzzZzc,RAnnUd,sy2p,sy2q,uu7UOe,nAFL3,sy2i,gJzDyc,sy2r,sy2s,soHxf,syv,syu,HYv29e,sy2t,uY3Nvd

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e844e960df3006f917a873ce1be3e7b688ab3d68ab44bc5b47def0c9f796ed4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 25 Apr 2023 08:00:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284922
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10799
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 12:30:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
expires: Wed, 24 Apr 2024 08:00:38 GMT

GET
H3 200 api.js Show response
apis.google.com/js/ Frame CB5D 17 KB
7 KB 44ms
44ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js?checkCookie=1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bc54bdf7044249c87f7f7d063004afbde1f8cb1d64b636c37ccee5fe34f11e6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Apr 2023 15:09:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "0569545fb4ef1520"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Apr 2023 15:09:20 GMT

POST
H3 200 logImpressions Show response
sites.google.com/_/view/ 16 B
64 B 56ms
55ms XHR
application/json 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sites.google.com/_/view/logImpressions?authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d47b4a1cc0393424720bded5988a28f4e9146fd265ecb416b79cf0d6ac81f6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/office-remittance.com/hgb?usp=sharing
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 15:09:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/ 261 B
201 B 47ms
47ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/cb=gapi.loaded_1?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=gapiLoaded

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cdd4be55b26feb467f9ba3447bc01640934768ea0e11f889e0e31abfeff9ee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sites.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 14:47:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519705
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Apr 2024 14:47:36 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/ Frame CB5D 50 KB
18 KB 13ms
12ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js?checkCookie=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d6f97d531bfc22beda5849186d094e22ea407cf803b10d50232874d300c62e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 08:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18087
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Apr 2024 08:02:24 GMT

GET
H3 200 intermediate-frame-minified.html Show response
www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/ Frame CB5D 2 KB
947 B 56ms
55ms Document
text/html 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.yTSbWrSe458.O%2Fd%3D1%2Frs%3DAHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q%2Fm%3D__features__&r=911873636

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3704afefd25c94315efcbcb4513deedbd292002ec51691e6cffe69d2262d7927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 922
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Apr 2023 15:09:21 GMT
expires: Sat, 27 Apr 2024 15:09:21 GMT
last-modified: Fri, 28 Apr 2023 14:24:18 GMT
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET lmpfrRij
psf51mc35ch.typeform.com/to/ Frame AB98 0
0

GET
H3 200 api.js Show response
apis.google.com/js/ Frame CB5D 17 KB
7 KB 41ms
40ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js?checkCookie=1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/atari/embeds/7925c5f8e01bacb9b4b0a3783ae0b867/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.yTSbWrSe458.O%2Fd%3D1%2Frs%3DAHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q%2Fm%3D__features__&r=911873636

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bc54bdf7044249c87f7f7d063004afbde1f8cb1d64b636c37ccee5fe34f11e6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 28 Apr 2023 15:09:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "0569545fb4ef1520"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Apr 2023 15:09:21 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/ Frame CB5D 50 KB
18 KB 14ms
13ms Script
text/javascript 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.yTSbWrSe458.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_5dpdVCMe_LPx1yH-hHA2M85TB-Q/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js?checkCookie=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d6f97d531bfc22beda5849186d094e22ea407cf803b10d50232874d300c62e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 08:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18087
x-xss-protection: 0
last-modified: Sat, 01 Apr 2023 15:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Apr 2024 08:02:24 GMT

GET
H2 200 lmpfrRij Show response
psf51mc35ch.typeform.com/to/ Frame D115 108 KB
35 KB 77ms
75ms Document
text/html 104.18.23.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/to/lmpfrRij

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / 7820-7.48.1

Resource Hash

34dcca06e6cf458c6ff788be0257216800a1e00b53798869bcff220b73851af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gstatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-headers: X-Typeform-Key, Content-Type, Authorization, Typeform-Version, typeform-app
access-control-allow-methods: GET, OPTIONS, POST, PUT, PATCH, DELETE
access-control-expose-headers: Location, X-Request-Id
age: 11533
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7bf039d49c6d8c93-EWR
content-encoding: gzip
content-security-policy-report-only: report-uri https://typeformforms.report-uri.com/r/t/csp/reportOnly; default-src 'self' https: data: blob: chrome-extension: moz-extension: safari-extension:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https:; worker-src 'self' blob:; manifest-src public-assets.typeform.com; form-action 'none'; frame-ancestors 'self' http://localhost:* capacitor: iconic: https:; base-uri 'self'; child-src wvjbscheme: https:; connect-src 'self' wss: https: chrome-extension: moz-extension: safari-extension:; style-src 'self' 'unsafe-inline' https:
content-type: text/html; charset=utf-8
date: Fri, 28 Apr 2023 15:09:22 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MvudFVrBeEJDAwMt61Wzmj8W7FRml70fi8m89Io7pZqjhjfvKTE8dvLWOYuqWcfG94Zt5lO8356CLtee2LSQUqqzGhewr2wgv7AIJa4VCcMlJ3yl9dpE%2BzBxx3bdmdDPFjpBOvQCudUjeA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
x-cache-lookup: HIT
x-envoy-upstream-service-time: 1
x-powered-by: 7820-7.48.1
x-varnish: 4789828 2267036

GET
H2 200 rPiZe7XpjxpF
images.typeform.com/images/ Frame D115 2 KB
3 KB 162ms
5ms Image
image/png 2600:9000:23ca:5600:8:2495:5540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.typeform.com/images/rPiZe7XpjxpF

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:23ca:5600:8:2495:5540:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e383b6bc4a168320f6866b83e178fe7bc94612fb6ff925d2ca01c8880b475c68

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 05:20:30 GMT
content-security-policy: script-src 'self'
via: 1.1 a7a07e0b0db92670f70b5d65da05ed76.cloudfront.net (CloudFront), 1.1 f391dfb0806f29cccc5f1df3e1ae836e.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P4, JFK50-P2
age: 35332
x-amzn-requestid: b5a9d480-de1b-493d-96c8-4691081a4770
x-amzn-trace-id: Root=1-644b579e-688d649c0ac34edf18ede84f;Sampled=0;lineage=1e19b125:0
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1296000
x-amz-apigw-id: EEqgwE88oAMFp2A=
content-length: 2486
x-amz-cf-id: eYAmTTWMror1iI0Ps5oAwBn-uTUSlMoKzukgmIg20Dlzdl5_Wrzadg==

GET
H2 200 modern-renderer.6b1a38da991ee5c144be.js Show response
renderer-assets.typeform.com/ Frame D115 787 KB
231 KB 72ms
4ms Script
application/x-javascript 2600:9000:21dd:3600:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Requested by: Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:3600:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f86e9d891b3a08409094557c6011d1c514eca236292f8fb491a92f3d03b175cc

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
Origin: https://psf51mc35ch.typeform.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 07:33:46 GMT
x-amz-version-id: A9mF2FHFx9rXBfGL1ApOCsmpF2sSpwQQ
content-encoding: gzip
via: 1.1 326fd0f07e6ce3b75fa751c6965f21c8.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
age: 27337
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"2c0fb83f49a948e1eb5c9daa016e7a8c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: max-age=2419200
x-amz-cf-id: c7P8PsFJjM0QlVL8JB0kE00bB4lRFkpDSVDee8BX6NLHiWmdoHunKg==

GET
H3

200

invisible.js Show response
psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/ Frame 0458
Redirect Chain

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

26 KB
14 KB

15ms
15ms

Script
application/javascript

104.18.23.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Protocol

Server

104.18.23.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e112b8d7e1bca66830defdac4a77c51bfd64f0ef9453ed3496abf4326e1e87e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 15:09:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j1tev%2B%2FKfp1EuhgNo5pOzOpbYKgGgLgyeHDUevdCIlVC9mMK8X1le8fZ9XrP58KckTtUuV2AJ07EbNTGu5GHwNP3m%2BFcGZVi%2BlU9v9MPC%2FYCiahI%2FIumzZ1bQNpjidYPq9JIb7NEdZzaxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7bf039d5c9ba4343-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Fri, 28 Apr 2023 15:09:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FCIjFxcpegwrYEHIzxS1S1hBT0zdwqK%2F48NEnkru9oDwWj%2F%2FSp%2F6vIRloYfP4%2BwKFG5l4vGcHVJwtscnb6%2FYzp5uWaSL1czpwREpmUmE3EZYl%2Fr%2B0h%2BsLeJxHFEW0h4HBZvvlwNMaPvsw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7bf039d5be138c93-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 0458 6 KB
4 KB 12ms
9ms Other
application/javascript 104.18.23.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.23.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5da8d57bc395d05f5067be7a863f2badbf3e32bb82ad3300216811fdc2aca2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 15:09:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eg7TNgGatMMDCv6xhWwHKQW%2F0kR6WRt19P1M750P3YBn4yDO1MNs%2F5NZiBdjal2mQb5lThT0ThqV9%2BtVXyfyPDi10SQQVaeX%2FZrqj7Y2vfiz3ZxU11xQph2xhteUWuwAHR94As5imt67Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7bf039d5fa024343-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 7bf039d49c6d8c93 Show response
psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 0458 2 B
723 B 25ms
24ms XHR
text/plain 104.18.23.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/h/g/cv/result/7bf039d49c6d8c93

Requested by

Host: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/cdn-cgi/challenge-platform/scripts/invisible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.23.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 Apr 2023 15:09:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H3Rw%2BffSpjl3HkFiQWvRqS492ZYIwkQUidM3Q1kyZhKeADO4ze7I%2FrH2casEkdXNP9%2FCgnvKYWd5ezkgTBFuNtUEwAouBhIwibBH6nrXiFnBVe9fBLEymfw4BIDJ6BAuzDsKbbxR43GcOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7bf039d9beb14343-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 vendors~form~blocks-validation-phone_number~blocks-renderer-contact_info~blocks-renderer-phone_number.0c35a1c1193305df993f.renderer.js Show response
renderer-assets.typeform.com/ Frame D115 107 KB
28 KB 155ms
16ms Script
application/x-javascript 2600:9000:21dd:3600:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/vendors~form~blocks-validation-phone_number~blocks-renderer-contact_info~blocks-renderer-phone_number.0c35a1c1193305df993f.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:21dd:3600:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c683a0b24c9732c0eaa4f0e9552d815dde7e4e5eea1270da99e81dd703c950dc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: 6V49CDIjgFyA6EtHPr0MxoFqi5rDDtzh
content-encoding: gzip
via: 1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
date: Thu, 27 Apr 2023 21:41:54 GMT
age: 62849
x-amz-cf-pop: EWR53-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"84ed4a4c21dda7b34914967639b12068"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: lqKIDRyki8VyF0kMJgKrInd_ldiikWAQt6_yFQZL_WNKecxrv6aTmg==

GET
H3 200 vendors~form.ea948ae7d71201d2d4ac.renderer.js Show response
renderer-assets.typeform.com/ Frame D115 613 KB
187 KB 144ms
6ms Script
application/x-javascript 2600:9000:21dd:3600:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:21dd:3600:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6480150687761955065dbf8f3b8f168864b24cc0614720e4e56b51dea38d0d71

Request headers

accept-language: en-US,en;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 13:32:33 GMT
x-amz-version-id: xz2J5Nlt2cGzZNdcD6TL20ltFhV8b4lz
content-encoding: gzip
via: 1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
age: 5810
x-amz-cf-pop: EWR53-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 28 Apr 2023 10:10:44 GMT
server: AmazonS3
etag: W/"2c2ae924ef93aee0964596b8c99dd2d2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: SOO2X2rbGXIazXc-Zp5Nm1R3W6PlMa2XrYEX4xCmPS5Zum8wAQAIvQ==

GET
H3 200 form.1868976771794d8f2d98.renderer.js Show response
renderer-assets.typeform.com/ Frame D115 245 KB
70 KB 153ms
15ms Script
application/x-javascript 2600:9000:21dd:3600:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/form.1868976771794d8f2d98.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:21dd:3600:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63b03e4533c8c23547e03e6e0fb49e2de2bf597fb03750b9f094c6a758c3dd9f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 07:33:47 GMT
x-amz-version-id: XXv8YtHZ9tLHGOecIv2RIDKO0lE8qM8B
content-encoding: gzip
via: 1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
age: 27336
x-amz-cf-pop: EWR53-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Apr 2023 13:55:06 GMT
server: AmazonS3
etag: W/"3940ace8c3d2bdaa948da1ed541b4b88"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: VWVEQm8jfTGOPSIkqr2RzZUHr-qd_jqHgyvdo5FoyxwvbCw0mnQoSw==

GET
H3 200 blocks-renderer-short_text.2f5d9a5943cb113d6b9d.renderer.js Show response
renderer-assets.typeform.com/ Frame D115 8 KB
3 KB 7ms
6ms Script
application/x-javascript 2600:9000:21dd:3600:4:f6ce:61c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://renderer-assets.typeform.com/blocks-renderer-short_text.2f5d9a5943cb113d6b9d.renderer.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/modern-renderer.6b1a38da991ee5c144be.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:21dd:3600:4:f6ce:61c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e19b426c5b1da8d92adaa1464433944c8241496e194d8a099358e6bd3d52ed5a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 09:45:36 GMT
x-amz-version-id: 5dAkc3Vxm3IgdMD0MTwBTNggFiOC7THG
content-encoding: gzip
via: 1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
age: 19428
x-amz-cf-pop: EWR53-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 28 Apr 2023 07:57:17 GMT
server: AmazonS3
etag: W/"8f1538b8c89fc276459abebc43ec692a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2419200
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: gSuViLEpUmjFtHiHU9K0ZIzRbBjte5XIwwtdCYw1tEW9YOOyE67t4Q==

POST
H3 200 view-form-open Show response
psf51mc35ch.typeform.com/forms/lmpfrRij/insights/events/v3/ Frame D115 2 B
1 KB 60ms
59ms Fetch
application/json 104.18.23.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psf51mc35ch.typeform.com/forms/lmpfrRij/insights/events/v3/view-form-open

Requested by

Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.23.9 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 28 Apr 2023 15:09:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-backend: papi
x-release: 4829204443
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
x-build-date: 2023-04-28T11:35:20+02:00
server: cloudflare
access-control-allow-methods: GET, OPTIONS, POST, PUT, PATCH, DELETE
content-type: application/json
access-control-allow-origin: https://psf51mc35ch.typeform.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DWd%2FDk2bvzPRyQVvamqYhm7%2BvVeIxus3tzaO5qNU6F14P3HsfgH70Xkp3h%2BM10j%2F3Ptzq0sN5TLqpq0Lj44nl693xlSc9nBQPZrndGtm6xTyIqsAjWUXefArR8JxJ%2FqaIGjdIZPzBGb9g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Location, X-Request-Id
x-service: insights-3.0
x-commit-sha: 1cef1c02e0ed160c51838b090356729c039af901
cf-ray: 7bf039dd4a5b4343-EWR
access-control-allow-headers: X-Typeform-Key, Content-Type, Authorization, Typeform-Version, typeform-app

GET
H2 200 rudder-analytics.min.js Show response
cdn.rudderlabs.com/v1/ Frame D115 464 KB
133 KB 266ms
9ms Script
text/javascript 2600:9000:202c:e800:16:a497:9700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rudderlabs.com/v1/rudder-analytics.min.js
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:e800:16:a497:9700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d70e2a9892066b77dd06a7ac3516bf647381306c606f702488780a64eb0cb56e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:20:13 GMT
content-encoding: gzip
via: 1.1 4b935afa75041435c91e2b3ed1ab1d26.cloudfront.net (CloudFront)
last-modified: Mon, 24 Apr 2023 10:29:23 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C2
age: 2951
x-amz-server-side-encryption: AES256
etag: W/"9fd2ef50255e80485643ece553a7ede4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: Slt1PA-qW4XZtcfTLBx0eR-UQ-uggvsJkiOSHSt1KPBWDDhRS9IA_g==

OPTIONS
H2 200 /
rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/ Frame 0
0 103ms
12ms Preflight
text/plain 34.236.90.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/?p=cdn&v=1.31.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.90.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-236-90-28.compute-1.amazonaws.com
Software: uvicorn /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://psf51mc35ch.typeform.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://psf51mc35ch.typeform.com
access-control-max-age: 600
content-length: 2
content-type: text/plain; charset=utf-8
date: Fri, 28 Apr 2023 15:09:23 GMT
server: uvicorn
vary: Origin

GET
H2 200 / Show response
rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/ Frame D115 610 B
744 B 14ms
13ms XHR
application/json 34.236.90.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack-control-plane.cdp.prod.data.typeform.com/sourceConfig/?p=cdn&v=1.31.0
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.90.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-236-90-28.compute-1.amazonaws.com
Software: uvicorn /
Resource Hash: 1e1bfbb50209ae8693353623fab7eeeef5ae1c0ca5d128a40c3be54099e59028

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: en-US,en;q=0.9
Authorization: Basic MjJLTUZoSEpiY3pnR1cwZ0pWM1NCcnpCbE5lOg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 Apr 2023 15:09:23 GMT
access-control-allow-credentials: true
server: uvicorn
content-length: 610
content-type: application/json

POST
H3 200 logImpressions Show response
sites.google.com/_/view/ 16 B
64 B 47ms
47ms XHR
application/json 2607:f8b0:4020:804::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sites.google.com/_/view/logImpressions?authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.zDmzD_Bp-Yo.O/d=1/rs=AGEqA5nUL071JClYJ_Wvjv72WNtLBU8_Dw/m=view

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d47b4a1cc0393424720bded5988a28f4e9146fd265ecb416b79cf0d6ac81f6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sites.google.com/office-remittance.com/hgb?usp=sharing
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 15:09:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track Show response
rudderstack.cdp.prod.data.typeform.com/v1/ Frame D115 2 B
162 B 24ms
24ms XHR
text/plain 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: en-US,en;q=0.9
Authorization: Basic MjJLTUZoSEpiY3pnR1cwZ0pWM1NCcnpCbE5lOg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
AnonymousId: MjU0OTBhM2UtOTZiYy00ZTZhLTkwNDEtNGUzNTI0NjJkYmI2
Content-Type: application/json

Response headers

access-control-allow-origin: https://psf51mc35ch.typeform.com
date: Fri, 28 Apr 2023 15:09:24 GMT
access-control-allow-credentials: true
content-length: 2
vary: Origin
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 track
rudderstack.cdp.prod.data.typeform.com/v1/ Frame 0
0 45ms
15ms Preflight 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymousid,authorization,content-type
Access-Control-Request-Method: POST
Origin: https://psf51mc35ch.typeform.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Anonymousid, Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://psf51mc35ch.typeform.com
access-control-max-age: 900
content-length: 0
date: Fri, 28 Apr 2023 15:09:23 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 track Show response
rudderstack.cdp.prod.data.typeform.com/v1/ Frame D115 2 B
162 B 21ms
20ms XHR
text/plain 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Requested by: Host: renderer-assets.typeform.com
URL: https://renderer-assets.typeform.com/vendors~form.ea948ae7d71201d2d4ac.renderer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://psf51mc35ch.typeform.com/to/lmpfrRij?typeform-source=www.gstatic.com
accept-language: en-US,en;q=0.9
Authorization: Basic MjJLTUZoSEpiY3pnR1cwZ0pWM1NCcnpCbE5lOg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
AnonymousId: MjU0OTBhM2UtOTZiYy00ZTZhLTkwNDEtNGUzNTI0NjJkYmI2
Content-Type: application/json

Response headers

access-control-allow-origin: https://psf51mc35ch.typeform.com
date: Fri, 28 Apr 2023 15:09:25 GMT
access-control-allow-credentials: true
content-length: 2
vary: Origin
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 track
rudderstack.cdp.prod.data.typeform.com/v1/ Frame 0
0 32ms
32ms Preflight 54.225.127.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rudderstack.cdp.prod.data.typeform.com/v1/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.127.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-127-151.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymousid,authorization,content-type
Access-Control-Request-Method: POST
Origin: https://psf51mc35ch.typeform.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Anonymousid, Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://psf51mc35ch.typeform.com
access-control-max-age: 900
content-length: 0
date: Fri, 28 Apr 2023 15:09:25 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: psf51mc35ch.typeform.com
URL: https://psf51mc35ch.typeform.com/to/lmpfrRij

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-20 15:48:25	Name: NID Value: 511=ND3WG0T_edfDUxRlNkjTKQ0Wgjvkw7XapzO-1BfkJ9VScMUxFr-uXX2gRkJULXS388t7HtXIChuYHl-n0F26ow1Wwln4aVxCeg75aVRORAhIK5iIqjtnnUgxamfnzbwcr3rMsdXJ777ddNAU-BixunlnDg8mw6PFw2jrrsm1Nd0
.typeform.com/	1970-01-20 11:24:56	Name: __cf_bm Value: tZRfh_n8BPdwrM6Ics1fsOD3rTmmFpbc_HXXLm9yyJE-1682694562-0-ATn6f4yEAG3r5M5D0GnEzX9lI6kPA0jd8ZAeF9jMbMQ16rjCV88wmHp/QoA6FcIgKJTcNt95i8lEMMWBIhxzdXyqIgDbcHnseBfbbHRmfeesl3EK4JMDPLdGj8u0zI3VeLrUuQ4M3uSzdE/U1Lz3XSA=
.typeform.com/	1970-01-20 15:48:25	Name: tf_respondent_cc Value: {%22groups%22:[%222%22]%2C%22timestamp%22:%222023-04-28T15:09:23.123Z%22%2C%22implicitConsent%22:true}
.typeform.com/	1970-01-20 20:10:30	Name: attribution_user_id Value: e3ee9572-1ecf-4765-8902-b3d16a865e6f
psf51mc35ch.typeform.com/	1970-01-20 11:34:59	Name: AWSALBTGCORS Value: 7+HyvumvueY6Is6/4Ks4bNrSorTP8QJAnuxSAU+dPMLGIO/rU2GWYkfvfeOXMCZCobH3vGX+a1Jez29R+lTMb1mGrZzepI2EPlPgxIehTQ83G8YyM9GfjoX8TZEGLsfSkXUYQR79m7SALDJx6zr7Ans+DWh2tGrPU3qWNExE+82j

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-LrrLBUPeNRd58g0akqOwwQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apis.google.com
cdn.rudderlabs.com
fonts.googleapis.com
fonts.gstatic.com
images.typeform.com
lh6.googleusercontent.com
psf51mc35ch.typeform.com
renderer-assets.typeform.com
rudderstack-control-plane.cdp.prod.data.typeform.com
rudderstack.cdp.prod.data.typeform.com
sites.google.com
www.gstatic.com
psf51mc35ch.typeform.com
104.18.23.9
2600:9000:202c:e800:16:a497:9700:93a1
2600:9000:21dd:3600:4:f6ce:61c0:93a1
2600:9000:23ca:5600:8:2495:5540:93a1
2607:f8b0:4006:808::2003
2607:f8b0:4020:804::200e
2607:f8b0:4020:805::200a
2607:f8b0:4020:806::2001
2607:f8b0:4020:807::2003
34.236.90.28
54.225.127.151
04d6f97d531bfc22beda5849186d094e22ea407cf803b10d50232874d300c62e
1374ed0999e594ca05e62750f619f749dea6ae9d1157dd9e9d7d7736524ad964
145607389b6d7d2f4e36c9c3fb075349cb3efa62dc0c067143e2faf3a5a5573c
1e1bfbb50209ae8693353623fab7eeeef5ae1c0ca5d128a40c3be54099e59028
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2bedc118ad4b8018e96dd64b927d0eb07ac64e56968548efd33705c1dddeafb2
2cdd4be55b26feb467f9ba3447bc01640934768ea0e11f889e0e31abfeff9ee0
2e112b8d7e1bca66830defdac4a77c51bfd64f0ef9453ed3496abf4326e1e87e
34dcca06e6cf458c6ff788be0257216800a1e00b53798869bcff220b73851af0
3704afefd25c94315efcbcb4513deedbd292002ec51691e6cffe69d2262d7927
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103
4bc54bdf7044249c87f7f7d063004afbde1f8cb1d64b636c37ccee5fe34f11e6
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
63b03e4533c8c23547e03e6e0fb49e2de2bf597fb03750b9f094c6a758c3dd9f
6480150687761955065dbf8f3b8f168864b24cc0614720e4e56b51dea38d0d71
6e844e960df3006f917a873ce1be3e7b688ab3d68ab44bc5b47def0c9f796ed4
72cea6d0dfd1c92650fc29719a500b05c8f7b997e811b9bfe67af63348f46b17
79565b76118c015de001c3333f8dc9319ec6c601e18fa43965dadce214438a72
8d47b4a1cc0393424720bded5988a28f4e9146fd265ecb416b79cf0d6ac81f6d
914fc1448fd890ce1d7feb66b5c7f29ab637ca1f55d9b7c1b5a2954eb404056b
9377b21ec3ae255d4a94095b52c670b0716d74a8e7a639b78957b9872d6ef244
aa4e1877e0b075dab24321e78f13452df0c7b9047f0d7e3b3e8e564c50da10b5
b5da8d57bc395d05f5067be7a863f2badbf3e32bb82ad3300216811fdc2aca2d
c683a0b24c9732c0eaa4f0e9552d815dde7e4e5eea1270da99e81dd703c950dc
c6dcc27d19122c1cb2d5b2c30730878fbb9e38e140cc4b49f51b97c729b14477
d70e2a9892066b77dd06a7ac3516bf647381306c606f702488780a64eb0cb56e
da4331fd642e6f5ab2fdb08f5041af6ed450f9177191ceedec6cf966753ab1bd
e0b5c7fb93860c848ff1e1bdaaeb5fe3536cfb40ea8073791ed6954526d21bfa
e19b426c5b1da8d92adaa1464433944c8241496e194d8a099358e6bd3d52ed5a
e383b6bc4a168320f6866b83e178fe7bc94612fb6ff925d2ca01c8880b475c68
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f86e9d891b3a08409094557c6011d1c514eca236292f8fb491a92f3d03b175cc
fa62c98e730e29e0c76279345adf39d3b95ce0ffe1695b0936ecfef47b1a7481

sites.google.com Open in urlscan Pro 2607:f8b0:4020:804::200e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

43 Requests

95 %HTTPS

73 %IPv6

6 Domains

12 Subdomains

12 IPs

3 Countries

1863 kBTransfer

6194 kBSize

5 Cookies

0 Outgoing links

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

sites.google.com Open in urlscan Pro
2607:f8b0:4020:804::200e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

95 %
HTTPS

73 %
IPv6

6
Domains

12
Subdomains

12
IPs

3
Countries

1863 kB
Transfer

6194 kB
Size

5
Cookies

43 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!