script.google.com Open in urlscan Pro
2a00:1450:4001:830::200e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
Submission: On August 14 via manual (August 14th 2021, 1:01:04 pm UTC) from DZ

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 11 HTTP transactions. The main IP is 2a00:1450:4001:830::200e, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is script.google.com.
TLS certificate: Issued by GTS CA 1C3 on July 12th 2021. Valid for: 3 months.

This is the only time script.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	104.21.22.181 104.21.22.181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	6

4 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

script.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.22.181 (United States)

ASN13335 (CLOUDFLARENET, US)

nlzm.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	google.com 1 redirects script.google.com www.google.com	101 KB
3	googleusercontent.com n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com	23 KB
2	gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com	24 KB
1	ru.com nlzm.ru.com	570 B
1	googleapis.com fonts.googleapis.com	461 B
11	5

	Domain	Requested by
4	script.google.com	script.google.com
3	n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com	script.google.com n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
1	nlzm.ru.com	n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
1	encrypted-tbn0.gstatic.com	n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
1	www.gstatic.com	n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
1	www.google.com	1 redirects
1	fonts.googleapis.com	script.google.com
11	7

This site contains no links.

Subject Issuer	Validity	Valid
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-31` - `2022-07-30`	a year	crt.sh

This page contains 3 frames:

Frame: https://nlzm.ru.com/?JnM9am1sX0RhdGluZ18xNDA4MjAyMV9zY3JpcHRnb29nbGU=
Frame ID: AB0885E4F5E2BBB4BA6F6C2701C34ACA
Requests: 6 HTTP requests in this frame

Frame: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel
Frame ID: 9BAAA7636AB2ACDE8300B54AAE2B1EB0
Requests: 2 HTTP requests in this frame

Frame: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/blank
Frame ID: 7A05D4A8FDEE3E74A5EFC4ED198F5E06
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

Page Statistics

11
Requests

100 %
HTTPS

86 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

150 kB
Transfer

562 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://www.google.com/jsapi HTTP 301
https://www.gstatic.com/charts/loader.js

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request exec Show response
script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/ 3 KB
2 KB 398ms
373ms Document
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

085f60fccbffab2fc9d7b283abff862ee9b628eead308f15f23da42d20aa26b8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Em/nxLO6fP8jPpTjN6hQoQ' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: script.google.com
:scheme: https
:path: /macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Aug 2021 13:00:49 GMT
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Em/nxLO6fP8jPpTjN6hQoQ' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: GSE
set-cookie: S=maestro=gPgpddBAs7SvnP2p5V2eljBgVeHbA5Ru4W5y8sn2WP0; Domain=.google.com; Path=/; Secure; HttpOnly; Priority=LOW
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 icon
fonts.googleapis.com/ 568 B
461 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: script.google.com
URL: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

53f890086acad394e8e70534d530658477d46f199fb7b7b909b742d611b6bc3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://script.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 14 Aug 2021 13:00:49 GMT
server: ESF
date: Sat, 14 Aug 2021 13:00:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 14 Aug 2021 13:00:49 GMT

GET
H3-29 200 2315271622-mae_html_css_ltr.css
script.google.com/static/macros/client/css/ 260 KB
37 KB 34ms
17ms Stylesheet
text/css 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://script.google.com/static/macros/client/css/2315271622-mae_html_css_ltr.css

Requested by

Host: script.google.com
URL: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1f5c5339a0c18d93d38818ac4f0fb59fb9c56c3acc00cb79ffc15835e65f0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /static/macros/client/css/2315271622-mae_html_css_ltr.css
pragma: no-cache
cookie: S=maestro=gPgpddBAs7SvnP2p5V2eljBgVeHbA5Ru4W5y8sn2WP0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: script.google.com
referer: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 13:00:49 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
last-modified: Thu, 29 Jul 2021 18:10:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=0
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38031
x-xss-protection: 0
expires: Sat, 14 Aug 2021 13:00:49 GMT

GET
H3-29 200 1917164999-warden_bin_i18n_warden__de.js Show response
script.google.com/static/macros/client/js/ 171 KB
62 KB 32ms
15ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://script.google.com/static/macros/client/js/1917164999-warden_bin_i18n_warden__de.js

Requested by

Host: script.google.com
URL: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daaee200e755a327ec0ef841f6c07d2dfc2d4f672ff560f984ee07f47816699b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:path: /static/macros/client/js/1917164999-warden_bin_i18n_warden__de.js
pragma: no-cache
cookie: S=maestro=gPgpddBAs7SvnP2p5V2eljBgVeHbA5Ru4W5y8sn2WP0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: script.google.com
referer: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 13:00:49 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
last-modified: Thu, 29 Jul 2021 13:38:17 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=0
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63564
x-xss-protection: 0
expires: Sat, 14 Aug 2021 13:00:49 GMT

GET
H2 200 userCodeAppPanel Show response
n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/ Frame 9BAA 898 B
962 B 150ms
118ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel

Requested by

Host: script.google.com
URL: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0d149a7e6ca8036a62a04fdabe77ba008ee2e7d39c5e8e9fa6bfc180355d1164

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
:scheme: https
:path: /userCodeAppPanel
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://script.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://script.google.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Aug 2021 13:00:49 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 858214781-mae_html_user_bin_i18n_mae_html_user__de.js Show response
n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/static/macros/client/js/ Frame 9BAA 57 KB
22 KB 32ms
15ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/static/macros/client/js/858214781-mae_html_user_bin_i18n_mae_html_user__de.js

Requested by

Host: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
URL: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7307b45ecd386b0e6f6542350f542f7259aebaf75886760095ed1016c90f20c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 13:00:49 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
last-modified: Thu, 29 Jul 2021 13:38:17 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=0
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22550
x-xss-protection: 0
expires: Sat, 14 Aug 2021 13:00:49 GMT

GET
H3-29 200 blank Show response
n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/ Frame 7A05 107 B
139 B 114ms
113ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/blank

Requested by

Host: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
URL: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e96a0764601b88a69e05cd4e457e4fd48ec506820f4984c88ac97a57f11a4e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
:scheme: https
:path: /blank
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel

Response headers

content-type: text/html; charset=utf-8
x-ua-compatible: chrome=IE9
expires: Sun, 14 Aug 2022 13:00:49 GMT
date: Sat, 14 Aug 2021 13:00:49 GMT
cache-control: public, max-age=31536000
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 wardeninit
script.google.com/ 94 B
101 B 115ms
115ms XHR
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://script.google.com/wardeninit?_reqid=54050&rt=j

Requested by

Host: script.google.com
URL: https://script.google.com/static/macros/client/js/1917164999-warden_bin_i18n_warden__de.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
x-same-domain: 1
origin: https://script.google.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: S=maestro=gPgpddBAs7SvnP2p5V2eljBgVeHbA5Ru4W5y8sn2WP0
content-length: 31
:path: /wardeninit?_reqid=54050&rt=j
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: script.google.com
referer: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
:scheme: https
sec-fetch-site: same-origin
:method: POST
X-Same-Domain: 1
Referer: https://script.google.com/macros/s/AKfycbwrewY_EsIKeKuYHDHwYWF_OkGOeJC_pClwsk3RERQ5i8_62ucBZyxY2SK0EaTqbStppg/exec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 13:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

loader.js Show response
www.gstatic.com/charts/ Frame 7A05
Redirect Chain

https://www.google.com/jsapi
https://www.gstatic.com/charts/loader.js

65 KB
20 KB

25ms
6ms

Script
text/javascript

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/loader.js

Requested by

Host: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
URL: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

297577d52fce5df45a53b1d2e06469f65ee1dcf2e9bfbc8e2f45dbd06a0de8b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 12:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19937
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 18:41:30 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 14 Aug 2021 13:25:59 GMT

Redirect headers

date: Sat, 14 Aug 2021 12:56:06 GMT
x-content-type-options: nosniff
server: sffe
age: 283
content-type: text/html; charset=UTF-8
location: https://www.gstatic.com/charts/loader.js
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
expires: Sat, 14 Aug 2021 13:26:06 GMT

GET
H2 200 images
encrypted-tbn0.gstatic.com/ Frame 7A05 4 KB
4 KB 34ms
14ms Image
image/png 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQB5jhV7hrugNx5FC9EhZo22BixJ-AeUOX_6A

Requested by

Host: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
URL: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/static/macros/client/js/858214781-mae_html_user_bin_i18n_mae_html_user__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89d1c6ffd5e9b392a60fb88e38264039b4a3735f1e268496a51c174a61dcea08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 13:00:49 GMT
x-content-type-options: nosniff
last-modified: Sat, 22 Jun 2019 04:34:34 GMT
server: sffe
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4095
x-xss-protection: 0
expires: Sun, 14 Aug 2022 13:00:49 GMT

GET
H2 404 / Show response
nlzm.ru.com/ 0
570 B 174ms
125ms Document
text/html 104.21.22.181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nlzm.ru.com/?JnM9am1sX0RhdGluZ18xNDA4MjAyMV9zY3JpcHRnb29nbGU=
Requested by: Host: n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
URL: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/userCodeAppPanel
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.22.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: nlzm.ru.com
:scheme: https
:path: /?JnM9am1sX0RhdGluZ18xNDA4MjAyMV9zY3JpcHRnb29nbGU=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com/

Response headers

date: Sat, 14 Aug 2021 13:00:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OaEEvgBIm3NNVKwPu9HwzM15DMx5Oge%2FowoLEGqa7DJCOWYNW7BH9thRTyTG20QkIrRkmreSYLlz0Nco4%2FztKMbkG9jqrYCk2hbbtScoxWziEogrnJis9SOoORAbkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67ea5e4acc5a048b-CDG
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Em/nxLO6fP8jPpTjN6hQoQ' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

encrypted-tbn0.gstatic.com
fonts.googleapis.com
n-advlbtyv24pjfe3noayvqmam6bbgha7q5zr2iuy-0lu-script.googleusercontent.com
nlzm.ru.com
script.google.com
www.google.com
www.gstatic.com
104.21.22.181
2a00:1450:4001:80e::2003
2a00:1450:4001:828::2001
2a00:1450:4001:828::200a
2a00:1450:4001:830::200e
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
085f60fccbffab2fc9d7b283abff862ee9b628eead308f15f23da42d20aa26b8
0d149a7e6ca8036a62a04fdabe77ba008ee2e7d39c5e8e9fa6bfc180355d1164
297577d52fce5df45a53b1d2e06469f65ee1dcf2e9bfbc8e2f45dbd06a0de8b4
53f890086acad394e8e70534d530658477d46f199fb7b7b909b742d611b6bc3c
7307b45ecd386b0e6f6542350f542f7259aebaf75886760095ed1016c90f20c5
89d1c6ffd5e9b392a60fb88e38264039b4a3735f1e268496a51c174a61dcea08
c1f5c5339a0c18d93d38818ac4f0fb59fb9c56c3acc00cb79ffc15835e65f0d8
daaee200e755a327ec0ef841f6c07d2dfc2d4f672ff560f984ee07f47816699b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96a0764601b88a69e05cd4e457e4fd48ec506820f4984c88ac97a57f11a4e6a

script.google.com Open in urlscan Pro 2a00:1450:4001:830::200e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

86 %IPv6

5 Domains

7 Subdomains

6 IPs

2 Countries

150 kBTransfer

562 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

script.google.com Open in urlscan Pro
2a00:1450:4001:830::200e Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

86 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

150 kB
Transfer

562 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions