urlscan.io logo urlscan.io
SecurityTrails logo

script.google.com Open in urlscan Pro
172.217.24.238  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.auth.churchbot.net/
Effective URL: https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec
Submission: On July 26 via automatic, source certstream-suspicious — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 172.217.24.238, located in United States and belongs to GOOGLE, US. The main domain is script.google.com. The Cisco Umbrella rank of the primary domain is 31891.
TLS certificate: Issued by WR2 on July 1st 2024. Valid for: 3 months.
This is the only time script.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 175.45.181.109 133159 (MAMMOTHME...)
1 172.217.24.238 15169 (GOOGLE)
2 142.250.76.3 15169 (GOOGLE)
3 2
Apex Domain
Subdomains		 Transfer
2 gstatic.com
ssl.gstatic.com
7 KB
1 google.com
script.google.com — Cisco Umbrella Rank: 31891
892 B
1 churchbot.net
www.auth.churchbot.net
1 KB
3 3
Domain Requested by
2 ssl.gstatic.com script.google.com
1 script.google.com
1 www.auth.churchbot.net 1 redirects
3 3

This site contains no links.

Subject Issuer Validity Valid
*.google.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec
Frame ID: 88A12C7326E225F60FD2529EFDD75358
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Error

Page URL History Show full URLs

  1. https://www.auth.churchbot.net/ HTTP 301
    https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec Page URL

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

8 kB
Transfer

12 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.auth.churchbot.net/ HTTP 301
    https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request exec
script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/
Redirect Chain
  • https://www.auth.churchbot.net/
  • https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec
647 B
892 B 		Document
General
Check archive.org
Download Go to
Full URL
https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.24.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
del03s05-in-f14.1e100.net
Software
GSE /
Resource Hash
e15a9bc1db117ed0427cd1f8b112346a42b19c47a10f0638e57e3657ce141c30
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0l6yWruvBFbcyrWagW-tTA' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-0l6yWruvBFbcyrWagW-tTA' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
content-type
text/html; charset=utf-8
date
Fri, 26 Jul 2024 01:18:53 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
795
content-type
text/html
date
Fri, 26 Jul 2024 01:18:52 GMT
location
https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec
server
LiteSpeed
logo.png
ssl.gstatic.com/docs/script/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/docs/script/images/logo.png
Requested by
Host: script.google.com
URL: https://script.google.com/macros/s/AKfycby-mRfD80oSoccgToHv1SPpXPdrzucQARG3Sn3dupNicWy_EAA/exec
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.76.3 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
nchkga-ac-in-f3.1e100.net
Software
sffe /
Resource Hash
b2264b317a5684e0ad0c4f0169c6fc6ff9cedff995461138831629ce88427cc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://script.google.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 10:37:00 GMT
x-content-type-options
nosniff
age
225713
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-macros
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6227
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-macros"
vary
Origin
report-to
{"group":"apps-macros","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-macros"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Jul 2025 10:37:00 GMT
favicon.ico
ssl.gstatic.com/docs/script/images/ 		5 KB
337 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/docs/script/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.76.3 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
nchkga-ac-in-f3.1e100.net
Software
sffe /
Resource Hash
b8befa18d4109cc6311a75cc9ad7fab6aaaf6df93e9894a6f81f96dc86c57a05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://script.google.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 10:10:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
227278
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-macros
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
213
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-macros"
vary
Accept-Encoding, Origin
report-to
{"group":"apps-macros","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-macros"}]}
content-type
image/x-icon
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Jul 2025 10:10:56 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'report-sample' 'nonce-0l6yWruvBFbcyrWagW-tTA' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block