lh3.googleusercontent.com Open in urlscan Pro
2607:f8b0:4004:802::2001 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://twitte.ga/TPY14C
Effective URL:
https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300
Submission: On May 09 via manual (May 9th 2017, 7:05:35 pm UTC) from NO

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 2607:f8b0:4004:802::2001, located in United States and belongs to GOOGLE - Google Inc., US. The main domain is lh3.googleusercontent.com.
TLS certificate: Issued by Google Internet Authority G2 on April 27th 2017. Valid for: 3 months.

This is the only time lh3.googleusercontent.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
2	2607:f8b0:400... 2607:f8b0:4004:802::2001		15169 (GOOGLE) (GOOGLE - Google Inc.)
2	1

2 2607:f8b0:4004:802::2001 (United States)

ASN15169 (GOOGLE - Google Inc., US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	googleusercontent.com lh3.googleusercontent.com	25 KB
2	1

	Domain	Requested by
2	lh3.googleusercontent.com
2	1

This site contains no links.

Subject Issuer	Validity	Valid
*.googleusercontent.com Google Internet Authority G2	`2017-04-27` - `2017-07-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300
Frame ID: 2823.1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

2
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

25 kB
Transfer

25 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300 Show response
lh3.googleusercontent.com/
Redirect Chain

http://grabify.link/TPY14C
https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300

24 KB
24 KB

278ms
92ms

Document
image/png

2607:f8b0:4004:802::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2607:f8b0:4004:802::2001 , United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

fife /

Resource Hash

da8817f0a81cf939e5134cae431f370d9b5d67b8c0782ed5da7f2aecbebf8eb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
upgrade-insecure-requests: 1
user-agent: Jan?cp kra Det utr?gge Nörge ?
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
cache-control: no-cache
:authority: lh3.googleusercontent.com
:scheme: https
:method: GET
User-Agent: Janṁcp kra Det utrȳgge Nörge ۝

Response headers

date: Tue, 09 May 2017 18:09:14 GMT
x-content-type-options: nosniff
age: 3371
status: 200
content-disposition: inline;filename="unnamed.png"
alt-svc: quic=":443"; ma=2592000; v="37,36,35"
content-length: 24827
x-xss-protection: 1; mode=block
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
expires: Wed, 10 May 2017 18:09:14 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 09 May 2017 19:05:23 GMT
x-content-type-options: nosniff
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.0.7
x-abuse: abuse@darkn3ss.com
Content-Type: text/html; charset=UTF-8
Location: https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300
Cache-Control: no-store, no-cache, must-revalidate
Set-Cookie: PHPSESSID=igsmlpbuo0fg1a86d86bj7mfb4; path=/
X-Robots-Tag: noindex, nofollow
Content-Length: 24660
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 favicon.ico
lh3.googleusercontent.com/ 1 KB
490 B 93ms
92ms Other
image/x-icon 2607:f8b0:4004:802::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://lh3.googleusercontent.com/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2607:f8b0:4004:802::2001 , United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

fife /

Resource Hash

527ead21e41e6af030d36f12469dccbd195d71bc2ee68cc464a9ec47b6997e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /favicon.ico
pragma: no-cache
accept-encoding: gzip, deflate, sdch, br
accept-language: en-US,en;q=0.8
user-agent: Jan?cp kra Det utr?gge Nörge ?
accept: image/webp,image/*,*/*;q=0.8
cache-control: no-cache
:authority: lh3.googleusercontent.com
referer: https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300
:scheme: https
x-client-data: CIi2yQEIpLbJAQ==
:method: GET
Referer: https://lh3.googleusercontent.com/qenmMQqo0uOkmWDdnWZraOAFKf-Uvqk-AMFzhv6b0g4aeH-mDWxnEn6kVehNW2SZz0I=w300
User-Agent: Janṁcp kra Det utrȳgge Nörge ۝

Response headers

date: Tue, 09 May 2017 12:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 May 2017 12:50:32 GMT
server: fife
age: 22493
content-type: image/x-icon
status: 200
cache-control: public, max-age=86400, no-transform
alt-svc: quic=":443"; ma=2592000; v="37,36,35"
content-length: 481
x-xss-protection: 1; mode=block
expires: Wed, 10 May 2017 12:50:32 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lh3.googleusercontent.com
2607:f8b0:4004:802::2001
527ead21e41e6af030d36f12469dccbd195d71bc2ee68cc464a9ec47b6997e31
da8817f0a81cf939e5134cae431f370d9b5d67b8c0782ed5da7f2aecbebf8eb9

lh3.googleusercontent.com Open in urlscan Pro 2607:f8b0:4004:802::2001 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

2 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

25 kBTransfer

25 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

lh3.googleusercontent.com Open in urlscan Pro
2607:f8b0:4004:802::2001 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

25 kB
Transfer

25 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions