accounts.google.com Open in urlscan Pro
142.250.74.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://core-handler.billpocket.com/
Effective URL:
https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.c...
Submission: On October 11 via automatic, source certstream-suspicious (October 11th 2021, 6:04:13 am UTC) — Scanned from DE

Summary HTTP 23 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 5 domains to perform 23 HTTP transactions. The main IP is 142.250.74.205, located in United States and belongs to GOOGLE, US. The main domain is accounts.google.com.
TLS certificate: Issued by GTS CA 1C3 on September 13th 2021. Valid for: 2 months.

This is the only time accounts.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	13.224.193.33 13.224.193.33	16509 (AMAZON-02) (AMAZON-02)
1 1	52.73.18.28 52.73.18.28	14618 (AMAZON-AES) (AMAZON-AES)
2	142.250.74.205 142.250.74.205	15169 (GOOGLE) (GOOGLE)
8	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
4	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
2	142.250.185.142 142.250.185.142	15169 (GOOGLE) (GOOGLE)
2	142.250.181.238 142.250.181.238	15169 (GOOGLE) (GOOGLE)
23	7

5 13.224.193.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-33.fra2.r.cloudfront.net

core-handler.billpocket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.18.28 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-18-28.compute-1.amazonaws.com

billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.205 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f13.1e100.net

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net

accounts.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f14.1e100.net

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	gstatic.com fonts.gstatic.com ssl.gstatic.com	123 KB
5	billpocket.com core-handler.billpocket.com	325 KB
4	google.com accounts.google.com play.google.com	492 KB
2	youtube.com accounts.youtube.com	15 KB
1	amazoncognito.com 1 redirects billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com	2 KB
23	5

	Domain	Requested by
8	fonts.gstatic.com	accounts.google.com
5	core-handler.billpocket.com	core-handler.billpocket.com
4	ssl.gstatic.com
2	play.google.com
2	accounts.youtube.com	core-handler.billpocket.com
2	accounts.google.com	core-handler.billpocket.com accounts.google.com
1	billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com	1 redirects
23	7

This site contains links to these domains. Also see Links.

Domain
support.google.com

Subject Issuer	Validity	Valid
*.core-handler.billpocket.com Amazon	`2020-11-10` - `2021-12-09`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh

This page contains 3 frames:

Primary Page: https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D
Frame ID: 451E3018C923C6F65DC43B0BB009CE1A
Requests: 21 HTTP requests in this frame

Frame: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1933730284&timestamp=1633932248607
Frame ID: D9F937F8BCD9BB8C47F25EB7519E0A77
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/_/bscframe
Frame ID: C87E3336DF0C3E0A5F5356245AB056AA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmelden – Google Konten

Page URL History Show full URLs

https://core-handler.billpocket.com/ Page URL
https://billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fcore-handler.billpocket.com%2F&r... HTTP 302
https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps... Page URL

Page Statistics

23
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

1
Countries

954 kB
Transfer

3301 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://support.google.com/accounts?hl=de
Title: Hilfe

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://core-handler.billpocket.com/ Page URL
https://billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fcore-handler.billpocket.com%2F&response_type=code&client_id=4t756h2a0i7s2efncsfvtd4k7n&identity_provider=Google&scope=email%20openid&state=6AUTxzdIu5OpniiNgKCsBoHTQGhFzBgN&code_challenge=DK-sMqBQGVK8ErdiIJRNpQh-cm9H4vG6GjElnROnVdE&code_challenge_method=S256 HTTP 302
https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
core-handler.billpocket.com/ 2 KB
1 KB 198ms
164ms Document
text/html 13.224.193.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://core-handler.billpocket.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-33.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5816115f49a01eb3f8f65bb67811c5c4753286c439d266afc61adf1baaa708de

Request headers

:method: GET
:authority: core-handler.billpocket.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
date: Mon, 11 Oct 2021 06:04:07 GMT
last-modified: Tue, 07 Sep 2021 19:41:01 GMT
etag: W/"e48b74ffa3c00b3d2568faa3c2102b74"
x-amz-server-side-encryption: AES256
server: AmazonS3
cache-control: no-cache, s-maxage=2
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: -Z0FzGuAeaQoT9iLB4xvr1Kfo3Vn2jqlNAiyhnQEeYyHTPcJk8w-Ug==

GET
H2 200 2.12a52565.chunk.css
core-handler.billpocket.com/static/css/ 165 KB
26 KB 235ms
234ms Stylesheet
text/css 13.224.193.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://core-handler.billpocket.com/static/css/2.12a52565.chunk.css
Requested by: Host: core-handler.billpocket.com
URL: https://core-handler.billpocket.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-33.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9cffedf9d9d100c8d8dd9edba4f7186ccc34b80166b811100ccfce1058366e84

Request headers

:path: /static/css/2.12a52565.chunk.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: core-handler.billpocket.com
referer: https://core-handler.billpocket.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://core-handler.billpocket.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 19:41:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: W/"13b4df2f199240d2d74ff98b055a039b"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
x-amz-cf-id: 7MX-4BYtT9FOYnoeYPh0ZaIHTAvpqjTn0FVd32ZGmxpmuFbo40kTZg==

GET
H2 200 main.7ed50419.chunk.css
core-handler.billpocket.com/static/css/ 1 KB
1022 B 196ms
195ms Stylesheet
text/css 13.224.193.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://core-handler.billpocket.com/static/css/main.7ed50419.chunk.css
Requested by: Host: core-handler.billpocket.com
URL: https://core-handler.billpocket.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-33.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 29fd762e6cef5088be85942f16256f06ae33b4417d109bfdd7db8abfce949b1b

Request headers

:path: /static/css/main.7ed50419.chunk.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: core-handler.billpocket.com
referer: https://core-handler.billpocket.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://core-handler.billpocket.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 19:41:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: W/"19da703ad8c3de1d0c46b786e2b643e8"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
x-amz-cf-id: BSbvwxzKawf_56IGE8A_Pd0dO0ZNnk0c8jPZFzwn0chJZ-85Jpf9jQ==

GET
H2 200 2.7449d73f.chunk.js Show response
core-handler.billpocket.com/static/js/ 1 MB
282 KB 323ms
323ms Script
application/javascript 13.224.193.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://core-handler.billpocket.com/static/js/2.7449d73f.chunk.js
Requested by: Host: core-handler.billpocket.com
URL: https://core-handler.billpocket.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-33.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 428707a7c127841af0f76f0f31cc1b1628311f4aa4d8b4c90dacbf68215efe31

Request headers

:path: /static/js/2.7449d73f.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: core-handler.billpocket.com
referer: https://core-handler.billpocket.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://core-handler.billpocket.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 19:41:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: W/"77dba11cdf4ecfb34f225d9fc865ed7c"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
x-amz-cf-id: DqmJS8oq6ScQw9jMNLy2uQ1gAcu16KV4OiLunjKqGtEOll7DICoUzw==

GET
H2 200 main.d372e0cb.chunk.js Show response
core-handler.billpocket.com/static/js/ 79 KB
15 KB 270ms
270ms Script
application/javascript 13.224.193.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://core-handler.billpocket.com/static/js/main.d372e0cb.chunk.js
Requested by: Host: core-handler.billpocket.com
URL: https://core-handler.billpocket.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-33.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eb54a4f94beae82b767eb8abc4f978fc4ba39cb613eea2ec216526148c4c1a14

Request headers

:path: /static/js/main.d372e0cb.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: core-handler.billpocket.com
referer: https://core-handler.billpocket.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://core-handler.billpocket.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 19:41:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: W/"867af26fd4d62e6b51ef9b698ae0cde3"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control: no-cache, s-maxage=2
x-amz-cf-id: zYYVg8geCF3K0bXd5v4u5l4odUch2t60kcJ9jfLjlxys_urNp-ENKQ==

GET
H2

200

Primary Request auth Show response
accounts.google.com/o/oauth2/v2/
Redirect Chain

https://billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fcore-handler.billpocket.com%2F&response_type=code&client_id=4t756h2a0i7s2efncsfvtd4...
https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1...

2 MB
491 KB

266ms
224ms

Document
text/html

142.250.74.205
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D

Requested by

Host: core-handler.billpocket.com
URL: https://core-handler.billpocket.com/static/js/2.7449d73f.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.205 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f13.1e100.net

Software

GSE /

Resource Hash

dbbbfc5e038327fe0ab9fc814fbce0c5788a8918beea41913396e091b9ccccd3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dBI8Hp6qOETI8w9PSFRxdw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://core-handler.billpocket.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://core-handler.billpocket.com/

Response headers

content-type: text/html; charset=utf-8
x-frame-options: DENY
x-auto-login: realm=com.google&args=continue%3Dhttps%253A%252F%252Faccounts.google.com%252Fo%252Foauth2%252Fv2%252Fauth%253Fclient_id%253D64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com%2526redirect_uri%253Dhttps%25253A%25252F%25252Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%25252Foauth2%25252Fidpresponse%2526scope%253Demail%252Bopenid%2526response_type%253Dcode%2526state%253DZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%25253D%25253D
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'report-sample' 'nonce-dBI8Hp6qOETI8w9PSFRxdw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:CN4ta0_5QNKbth1lYb9N3MB22KU6vQ:T8uyiS7Nyo5gZbWb;Path=/;Expires=Wed, 11-Oct-2023 06:04:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

date: Mon, 11 Oct 2021 06:04:07 GMT
content-length: 0
location: https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D
set-cookie: XSRF-TOKEN=0f9bcc22-e912-4f7e-8a1b-513225b25d1e; Path=/; Secure; HttpOnly; SameSite=Lax csrf-state=bdB4tHeOsf63Vm_rb3E16XNUWHj0_GLkSe3AFdSpsQJTJo35nX4YN_apH7Jh9uHX3QOwZC5xLF5F7GzemtAgjYwgo_Bcz3JuTEFt2jik1REQfqKfeuX7kn11q2B6IluaYLm7LZFboQp8U9Yv-S7NdMz85YjsEopV85I7OSWKSTo; Expires=Mon, 11-Oct-2021 06:09:07 GMT; Path=/; Secure; HttpOnly; SameSite=None csrf-state-legacy=bdB4tHeOsf63Vm_rb3E16XNUWHj0_GLkSe3AFdSpsQJTJo35nX4YN_apH7Jh9uHX3QOwZC5xLF5F7GzemtAgjYwgo_Bcz3JuTEFt2jik1REQfqKfeuX7kn11q2B6IluaYLm7LZFboQp8U9Yv-S7NdMz85YjsEopV85I7OSWKSTo; Expires=Mon, 11-Oct-2021 06:09:07 GMT; Path=/; Secure; HttpOnly
x-amz-cognito-request-id: 7f78972a-871a-4952-86d1-a5b92a93908c
x-application-context: application:prod:8443
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
server: Server

GET
DATA 200
OK truncated
/ 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 28ms
6ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/v2/auth?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 19:58:13 GMT
x-content-type-options: nosniff
age: 554755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Oct 2022 19:58:13 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 12ms
11ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 01:35:26 GMT
x-content-type-options: nosniff
age: 534522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Oct 2022 01:35:26 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/ 21 KB
21 KB 14ms
13ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 09:22:47 GMT
x-content-type-options: nosniff
age: 247281
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21464
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:42:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 08 Oct 2022 09:22:47 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/ 21 KB
21 KB 18ms
18ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 09:23:10 GMT
x-content-type-options: nosniff
age: 247258
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21700
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:43:33 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 08 Oct 2022 09:23:10 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ 12 KB
12 KB 9ms
9ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 18:00:42 GMT
x-content-type-options: nosniff
age: 561806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11936
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 04 Oct 2022 18:00:42 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ 7 KB
7 KB 7ms
7ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4WxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 07:25:53 GMT
x-content-type-options: nosniff
age: 599895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7276
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:54 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Oct 2022 07:25:53 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
10 KB 7ms
7ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 15:14:50 GMT
x-content-type-options: nosniff
age: 571758
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9832
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Oct 2022 15:14:50 GMT

GET
H2 200 m=n73qwf,MpJwZc,otPmVb,rlNAl Show response
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=0/excm=glif_initial_css/ed=1/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/ 2 KB
2 KB 57ms
16ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=0/excm=glif_initial_css/ed=1/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/m=n73qwf,MpJwZc,otPmVb,rlNAl

Requested by

Host:
URL: /accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=1/excm=glif_initial_css/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/m=glifb,identifier_view,unknownerror_view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

4c6a2ae01950074d05a9318d701ad1499a00d607d7408c3da723a526dc1deffb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 10:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417524
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gaia-moduleserver-writers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 836
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 21:46:26 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"gaia-moduleserver-writers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gaia-moduleserver-writers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="gaia-moduleserver-writers"
expires: Thu, 06 Oct 2022 10:05:24 GMT

GET
H2 200 CheckConnection Show response
accounts.youtube.com/accounts/ Frame D9F9 31 KB
13 KB 82ms
31ms Document
text/html 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1933730284&timestamp=1633932248607

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

ESF /

Resource Hash

9cb5b7f10c33b697cd7df51a6d17711e6d64f04dcda403430679378bbedce12c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport script-src 'report-sample' 'nonce-8jhm3iApxBb1BRCehIWMdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' script-src 'nonce-8jhm3iApxBb1BRCehIWMdg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;frame-ancestors https://accounts.google.com
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://accounts.google.com
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.youtube.com
:scheme: https
:path: /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1933730284&timestamp=1633932248607
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/

Response headers

content-type: text/html; charset=utf-8
x-frame-options: ALLOW-FROM https://accounts.google.com
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 Oct 2021 06:04:08 GMT
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport script-src 'report-sample' 'nonce-8jhm3iApxBb1BRCehIWMdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' script-src 'nonce-8jhm3iApxBb1BRCehIWMdg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;frame-ancestors https://accounts.google.com
cross-origin-opener-policy: same-origin; report-to="AccountsDomainCookiesCheckConnectionHttp"
report-to: {"group":"AccountsDomainCookiesCheckConnectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsDomainCookiesCheckConnectionHttp/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ 5 KB
5 KB 20ms
14ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 10:51:06 GMT
x-content-type-options: nosniff
age: 587582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5224
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Oct 2022 10:51:06 GMT

GET
H3 200 m=sy32,sy31,i5dxUd,m9oV,RAnnUd,sy33,sy34,sy35,uu7UOe,sy36,sy37,sy38,soHxf Show response
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=0/excm=glif_initial_css/ed=1/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/ 26 KB
8 KB 26ms
7ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

e44cf5aaa232e98811a149a9f0d601e61b024759826468aa16597ad5a131b4df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 05:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519397
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gaia-moduleserver-writers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7721
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 21:46:26 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"gaia-moduleserver-writers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gaia-moduleserver-writers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="gaia-moduleserver-writers"
expires: Wed, 05 Oct 2022 05:47:31 GMT

GET
H3 200 m=QOLEBb Show response
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=0/excm=glif_initial_css/ed=1/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/ 818 B
556 B 8ms
8ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=0/excm=glif_initial_css/ed=1/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/m=QOLEBb

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

364fac185f2ba7dfe6eb5c783dc3bad16da3b0b2407f407547422268139ee3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 02:09:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 532492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gaia-moduleserver-writers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 530
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 21:46:26 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"gaia-moduleserver-writers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gaia-moduleserver-writers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="gaia-moduleserver-writers"
expires: Wed, 05 Oct 2022 02:09:16 GMT

GET
H3 200 bscframe Show response
accounts.google.com/_/ Frame C87E 15 B
69 B 49ms
29ms Document
text/html 142.250.74.205
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/_/bscframe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.205 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f13.1e100.net

Software

ESF /

Resource Hash

c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-eval';require-trusted-types-for 'script';object-src 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /_/bscframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://accounts.google.com/o/oauth2/v2/auth/identifier?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email%20openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D&flowName=GeneralOAuthFlow
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:CN4ta0_5QNKbth1lYb9N3MB22KU6vQ:T8uyiS7Nyo5gZbWb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/o/oauth2/v2/auth/identifier?client_id=64282322915-vaehu9uon409l0iul5qudrmtg5d5e4ui.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fbillpocket-core-handler-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email%20openid&response_type=code&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMUUxYWpWblEzbG5ZU0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJa2R2YjJkc1pTSXNJbU5zYVdWdWRFbGtJam9pTkhRM05UWm9NbUV3YVRkek1tVm1ibU56Wm5aMFpEUnJOMjRpTENKeVpXUnBjbVZqZEZWU1NTSTZJbWgwZEhCek9pOHZZMjl5WlMxb1lXNWtiR1Z5TG1KcGJHeHdiMk5yWlhRdVkyOXRMeUlzSW5KbGMzQnZibk5sVkhsd1pTSTZJbU52WkdVaUxDSndjbTkyYVdSbGNsUjVjR1VpT2lKSGIyOW5iR1VpTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpWFN3aWMzUmhkR1VpT2lJMlFWVlVlSHBrU1hVMVQzQnVhV2xPWjB0RGMwSnZTRlJSUjJoR2VrSm5UaUlzSW1OdlpHVkRhR0ZzYkdWdVoyVWlPaUpFU3kxelRYRkNVVWRXU3poRmNtUnBTVXBTVG5CUmFDMWpiVGxJTkhaSE5rZHFSV3h1VWs5dVZtUkZJaXdpWTI5a1pVTm9ZV3hzWlc1blpVMWxkR2h2WkNJNklsTXlOVFlpTENKdWIyNWpaU0k2SW1Ka1FqUjBTR1ZQYzJZMk0xWnRYM0ppTTBVeE5saE9WVmRJYWpCZlIweHJVMlV6UVVaa1UzQnpVVXBVU204ek5XNVlORmxPWDJGd1NEZEthRGwxU0ZnelVVOTNXa00xZUV4R05VWTNSM3BsYlhSQloycFpkMmR2WDBKamVqTktkVlJGUm5ReWFtbHJNVkpGVVdaeFMyWmxkVmczYTI0eE1YRXlRalpKYkhWaFdVeHROMHhhUm1KdlVYQTRWVGxaZGkxVE4wNWtUWG80TlZscWMwVnZjRlk0TlVrM1QxTlhTMU5VYnlJc0luTmxjblpsY2todmMzUlFiM0owSWpvaVltbHNiSEJ2WTJ0bGRDMWpiM0psTFdoaGJtUnNaWEl0Y0hKdlpDNWhkWFJvTG5WekxXVmhjM1F0TVM1aGJXRjZiMjVqYjJkdWFYUnZMbU52YlNJc0ltTnlaV0YwYVc5dVZHbHRaVk5sWTI5dVpITWlPakUyTXpNNU16SXlORGNzSW5ObGMzTnBiMjRpT201MWJHd3NJblZ6WlhKQmRIUnlhV0oxZEdWeklqcHVkV3hzTENKemRHRjBaVVp2Y2t4cGJtdHBibWRUWlhOemFXOXVJanBtWVd4elpYMD06dVdNOHkxWXBDeElld1RGRFo5THJ3SWMwczhCZnY5dkU5Wk5Dc2NEMi9Wbz06Mw%3D%3D&flowName=GeneralOAuthFlow

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 Oct 2021 06:04:08 GMT
content-security-policy: script-src 'unsafe-eval';require-trusted-types-for 'script';object-src 'none'
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInSignUpUi"
report-to: {"group":"AccountsSignInSignUpUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=pSCR3bTyTnXPJYueFHpRXJW1W7Dbx7vGxV9cj_NPgAO3RAT_hHfFcWwzf4E1x1kwHjo5mf4DKrqPTecy8poMBTcDsxx5lo-ad7518RpryeJ6YAQVKlQOqfmu9ZRliMmDAuUFz857ZtXSBfHaKa3EMNxdZrvsUkZed0Pye109tK8; expires=Tue, 12-Apr-2022 06:04:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 m=sy42,sy43,sy40,sy2e,sy41,sy5w,pwd_view Show response
ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.de.h3ISDTq5P0s.O/am=A6Ao3ACJBxAAgIABAAAAAAAAAIwNmElz-whH/d=0/excm=glif_initial_css/ed=1/rs=ABkqax3I0rsCEkexXjtaDZB53T9qYgAk2g/ 17 KB
6 KB 10ms
10ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

99eb0229b412673ac084c0a9c37fc5363b39f4cca36008838321c502cc326b45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 19:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 469286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gaia-moduleserver-writers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6371
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 21:46:26 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"gaia-moduleserver-writers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gaia-moduleserver-writers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="gaia-moduleserver-writers"
expires: Wed, 05 Oct 2022 19:42:42 GMT

POST
H3 404 cspreport
accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/ Frame D9F9 2 KB
2 KB 22ms
7ms Other
text/html 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/cspreport
Requested by: Host: core-handler.billpocket.com
URL: https://core-handler.billpocket.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f14.1e100.net
Software: /
Resource Hash: d5f986569d61220db701c5d5b5865b8e71c080e34dd96cb8c3102e31fe7bdb77

Request headers

Referer: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1933730284&timestamp=1633932248607
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 11 Oct 2021 06:04:08 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1613
content-type: text/html; charset=UTF-8

POST
H2 200 log Show response
play.google.com/ 131 B
196 B 94ms
54ms XHR
text/plain 142.250.181.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://accounts.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

POST
H2 200 log Show response
play.google.com/ 131 B
543 B 69ms
54ms XHR
text/plain 142.250.181.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 11 Oct 2021 06:04:08 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://accounts.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: 0f9bcc22-e912-4f7e-8a1b-513225b25d1e
billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com/	1970-01-19 21:52:12	Name: csrf-state Value: bdB4tHeOsf63Vm_rb3E16XNUWHj0_GLkSe3AFdSpsQJTJo35nX4YN_apH7Jh9uHX3QOwZC5xLF5F7GzemtAgjYwgo_Bcz3JuTEFt2jik1REQfqKfeuX7kn11q2B6IluaYLm7LZFboQp8U9Yv-S7NdMz85YjsEopV85I7OSWKSTo
billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com/	1970-01-19 21:52:12	Name: csrf-state-legacy Value: bdB4tHeOsf63Vm_rb3E16XNUWHj0_GLkSe3AFdSpsQJTJo35nX4YN_apH7Jh9uHX3QOwZC5xLF5F7GzemtAgjYwgo_Bcz3JuTEFt2jik1REQfqKfeuX7kn11q2B6IluaYLm7LZFboQp8U9Yv-S7NdMz85YjsEopV85I7OSWKSTo
accounts.google.com/	1970-01-20 15:23:24	Name: __Host-GAPS Value: 1:CN4ta0_5QNKbth1lYb9N3MB22KU6vQ:T8uyiS7Nyo5gZbWb
.google.com/	1970-01-20 02:15:43	Name: NID Value: 511=pSCR3bTyTnXPJYueFHpRXJW1W7Dbx7vGxV9cj_NPgAO3RAT_hHfFcWwzf4E1x1kwHjo5mf4DKrqPTecy8poMBTcDsxx5lo-ad7518RpryeJ6YAQVKlQOqfmu9ZRliMmDAuUFz857ZtXSBfHaKa3EMNxdZrvsUkZed0Pye109tK8

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
accounts.youtube.com
billpocket-core-handler-prod.auth.us-east-1.amazoncognito.com
core-handler.billpocket.com
fonts.gstatic.com
play.google.com
ssl.gstatic.com
13.224.193.33
142.250.181.238
142.250.185.142
142.250.185.227
142.250.186.99
142.250.74.205
52.73.18.28
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740
29fd762e6cef5088be85942f16256f06ae33b4417d109bfdd7db8abfce949b1b
364fac185f2ba7dfe6eb5c783dc3bad16da3b0b2407f407547422268139ee3ba
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
428707a7c127841af0f76f0f31cc1b1628311f4aa4d8b4c90dacbf68215efe31
4c6a2ae01950074d05a9318d701ad1499a00d607d7408c3da723a526dc1deffb
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
5816115f49a01eb3f8f65bb67811c5c4753286c439d266afc61adf1baaa708de
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
99eb0229b412673ac084c0a9c37fc5363b39f4cca36008838321c502cc326b45
9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7
9cb5b7f10c33b697cd7df51a6d17711e6d64f04dcda403430679378bbedce12c
9cffedf9d9d100c8d8dd9edba4f7186ccc34b80166b811100ccfce1058366e84
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e
d5f986569d61220db701c5d5b5865b8e71c080e34dd96cb8c3102e31fe7bdb77
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d
dbbbfc5e038327fe0ab9fc814fbce0c5788a8918beea41913396e091b9ccccd3
e44cf5aaa232e98811a149a9f0d601e61b024759826468aa16597ad5a131b4df
eb54a4f94beae82b767eb8abc4f978fc4ba39cb613eea2ec216526148c4c1a14

accounts.google.com Open in urlscan Pro 142.250.74.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

23 Requests

100 %HTTPS

0 %IPv6

5 Domains

7 Subdomains

7 IPs

1 Countries

954 kBTransfer

3301 kBSize

5 Cookies

1 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

5 Cookies

3 Console Messages

Indicators

accounts.google.com Open in urlscan Pro
142.250.74.205 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

1
Countries

954 kB
Transfer

3301 kB
Size

5
Cookies

23 HTTP transactions
1 data transactions