probe pandora.com: False positive due to country restriction page

Describe the bug

Pandora is not available in many countries. Trying to access pandora.com website, you are redirected to https://www.pandora.com/restricted

To Reproduce

$ ./miniooni --emoji [email protected] -i http://pandora.com
[      0.000025]    Current time: 2022-10-02 20:17:46 +07
[      0.000061]    miniooni home directory: $HOME/.miniooni
[      0.000165]    Looking up OONI backends; please be patient...
2022/10/02 20:17:47 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
[      0.658126]    sessionresolver: http3://mozilla.cloudflare-dns.com/dns-query... ok
[      1.296860]    session: using probe services: {Address:https://api.ooni.io Type:https Front:}
[      1.296916]    Looking up your location; please be patient...
[      1.297057]    iplookup: using stun_google
[      2.194629]    - country: KH
[      2.194645]    - network: COGETEL Co., Ltd (AS23673)
[      2.194648]    - resolver's IP: 162.158.169.32
[      2.194651]    - resolver's network: Cloudflare, Inc. (AS13335)
[      2.194684]    [1/1] running with input: http://pandora.com
[      2.337992]    [#3] lookup pandora.com using system... ok
[      2.695435]    [#1] lookup pandora.com using 8.8.4.4:53... in progress
[      2.695507]    [#2] lookup pandora.com using https://mozilla.cloudflare-dns.com/dns-query... in progress
[      2.970122]    [#2] lookup pandora.com using https://mozilla.cloudflare-dns.com/dns-query... ok
[      3.085138]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:172.253.211.72}]
[      3.088530]    DNS whoami for system resolver: [{Address:162.158.169.32}]
[      7.195537]    [#1] lookup pandora.com using 8.8.4.4:53... ok
[      7.195765]    using resolved addrs: [{Addr:208.85.40.158 Flags:7} {Addr:2620:106:e003:f00e::64 Flags:5}]
[      7.195822]    prioritySelector: create with [{Addr:208.85.40.158 Flags:7} {Addr:2620:106:e003:f00e::64 Flags:5}]
[      7.196265]    [#5] GET http://pandora.com using [2620:106:e003:f00e::64]:80... network_unreachable
[      7.202577]    [#7] GET https://pandora.com using [2620:106:e003:f00e::64]:443... network_unreachable
[      7.442757]    prioritySelector: conn 208.85.40.158:80: granted permission: true
[      7.696370]    [#4] GET http://pandora.com using 208.85.40.158:80... in progress
[      7.696455]    control for http://pandora.com using https://0.th.ooni.org... in progress
[      7.696450]    [#6] GET https://pandora.com using 208.85.40.158:443... in progress
[      7.697563]    redirect to: https://www.pandora.com
[      7.697611]    [#4] GET http://pandora.com using 208.85.40.158:80... ok
[      7.697826]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:172.253.211.72}]
[      7.697925]    DNS whoami for system resolver: [{Address:162.158.169.32}]
[      7.865410]    sessionresolver: http3://cloudflare-dns.com/dns-query... ok
[      7.988504]    [#9] lookup www.pandora.com using 8.8.4.4:53... ok
[      8.198634]    [#8] lookup www.pandora.com using system... in progress
[      8.204530]    [#8] lookup www.pandora.com using system... ok
[      8.204606]    using resolved addrs: [{Addr:199.116.164.229 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:3}]
[      8.204672]    prioritySelector: create with [{Addr:199.116.164.229 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:3}]
[      8.204989]    [#11] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... network_unreachable
[      8.217362]    [#6] GET https://pandora.com using 208.85.40.158:443... stop after TLS handshake
[      8.705426]    [#10] GET https://www.pandora.com using 199.116.164.229:443... in progress
[      8.738614]    control for http://pandora.com using https://0.th.ooni.org... ok
[      8.738643]    additional addrs discovered by the TH: []
[      8.919544]    prioritySelector: conn 199.116.164.229:443: granted permission: true
[      9.156692]    redirect to: https://www.pandora.com/restricted
[      9.156745]    [#10] GET https://www.pandora.com using 199.116.164.229:443... ok
[      9.156912]    using previously-cached addrs: [{Addr:199.116.164.229 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:3}]
[      9.157006]    prioritySelector: create with [{Addr:199.116.164.229 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:3}]
[      9.157279]    [#13] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... network_unreachable
[      9.658193]    [#12] GET https://www.pandora.com using 199.116.164.229:443... in progress
[      9.868303]    prioritySelector: conn 199.116.164.229:443: granted permission: true
[     10.108999]    [#12] GET https://www.pandora.com using 199.116.164.229:443... ok
[     10.109365] 🔥 DNS: unexpected failure generic_timeout_error in #1
[     10.109412] 🔥 DNSConsistency: inconsistent
[     10.109434]    HTTP: HTTPS && no error => #12 is successful
[     10.109446] 🔥 ANOMALY: flags=33, accessible=false, blocking=dns
[     10.117872]    submitting measurement to OONI collector; please be patient...
[     10.335435]    New reportID: 20221002T131757Z_webconnectivity_KH_23673_n1_k3Fhso92KkZuekCl
[     10.975167]    saving measurement to disk
[     10.984382]    experiment: recv   0.00  byte, sent   0.00  byte
[     10.985690]    sessionresolver: [{"URL":"http3://cloudflare-dns.com/dns-query","Score":1},{"URL":"http3://mozilla.cloudflare-dns.com/dns-query","Score":0.999},{"URL":"https://cloudflare-dns.com/dns-query","Score":0.999},{"URL":"https://dns.google/dns-query","Score":0},{"URL":"https://dns.quad9.net/dns-query","Score":0},{"URL":"http3://dns.google/dns-query","Score":0},{"URL":"https://mozilla.cloudflare-dns.com/dns-query","Score":0},{"URL":"system:///","Score":0}]
[     10.986093]    whole session: recv   5.49 kbyte, sent  66.61 kbyte

Expected behavior

A clear and concise description of what you expected to happen.

Screenshots

If applicable, add screenshots to help explain your problem.

System information (if applicable):

Device: Android One / Nokia HMD
OS: 11
OONI Probe version: Latest Additional context

Add any other context about the problem here.

Oct 02 '22 13:10 arky

This is the OONI measurement URL.

The issue is that there's an IPv6 lookup timeout. However, it's a bit tricky to say the DNS failed given that A actually succeded. In fact, the log message says:

[      7.195537]    [#1] lookup pandora.com using 8.8.4.4:53... ok

So, we need to decide what to do in case there is a partial timeout. Is this enough to say censorship? Shall we retry a given query in case there is a timeout?

Oct 03 '22 11:10 bassosimone

Running the same test now results in #httpdiff.

$ ./miniooni --emoji [email protected] -i http://www.pandora.com
[      0.000031]    Current time: 2022-10-03 18:16:44 +07
[      0.000061]    miniooni home directory: $HOME/.miniooni
[      0.000177]    Looking up OONI backends; please be patient...
2022/10/03 18:16:44 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
[      0.299112]    sessionresolver: http3://mozilla.cloudflare-dns.com/dns-query... ok
[      1.140410]    session: using probe services: {Address:https://api.ooni.io Type:https Front:}
[      1.140455]    Looking up your location; please be patient...
[      1.140526]    iplookup: using cloudflare
[      1.271651]    sessionresolver: http3://mozilla.cloudflare-dns.com/dns-query... ok
[      1.702108]    - country: KH
[      1.702157]    - network: COGETEL Co., Ltd (AS23673)
[      1.702174]    - resolver's IP: 162.158.161.154
[      1.702185]    - resolver's network: Cloudflare, Inc. (AS13335)
[      1.702271]    [1/1] running with input: http://www.pandora.com
[      1.947189]    [#1] lookup www.pandora.com using 8.8.4.4:53... ok
[      2.061989]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:74.125.190.25}]
[      2.063727]    DNS whoami for system resolver: [{Address:162.158.161.154}]
[      2.107478]    [#2] lookup www.pandora.com using system... ok
[      2.203541]    [#3] lookup www.pandora.com using https://mozilla.cloudflare-dns.com/dns-query... in progress
[      2.285675]    [#3] lookup www.pandora.com using https://mozilla.cloudflare-dns.com/dns-query... ok
[      2.285794]    using resolved addrs: [{Addr:208.85.41.59 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:5} {Addr:2620:106:e001:f00d::e7 Flags:2} {Addr:199.116.164.229 Flags:4}]
[      2.285841]    prioritySelector: create with [{Addr:208.85.41.59 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:5} {Addr:2620:106:e001:f00d::e7 Flags:2} {Addr:199.116.164.229 Flags:4}]
[      2.286193]    [#5] GET http://www.pandora.com using [2620:106:e007:f00f::3b]:80... network_unreachable
[      2.286354]    [#10] GET https://www.pandora.com using [2620:106:e001:f00d::e7]:443... network_unreachable
[      2.286444]    [#9] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... network_unreachable
[      2.286566]    [#6] GET http://www.pandora.com using [2620:106:e001:f00d::e7]:80... network_unreachable
[      2.465629]    prioritySelector: conn 208.85.41.59:80: granted permission: true
[      2.529478]    prioritySelector: conn 199.116.164.229:80: denied permission: timed out sending
[      2.529528]    [#7] GET http://www.pandora.com using 199.116.164.229:80... stop after TCP connect
[      2.645915]    sessionresolver: http3://mozilla.cloudflare-dns.com/dns-query... ok
[      2.651031]    redirect to: http://www.pandora.com/restricted
[      2.651137]    [#4] GET http://www.pandora.com using 208.85.41.59:80... ok
[      2.651230]    using previously-cached addrs: [{Addr:208.85.41.59 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:5} {Addr:2620:106:e001:f00d::e7 Flags:2} {Addr:199.116.164.229 Flags:4}]
[      2.651363]    prioritySelector: create with [{Addr:208.85.41.59 Flags:3} {Addr:2620:106:e007:f00f::3b Flags:5} {Addr:2620:106:e001:f00d::e7 Flags:2} {Addr:199.116.164.229 Flags:4}]
[      2.651779]    [#13] GET http://www.pandora.com using [2620:106:e007:f00f::3b]:80... network_unreachable
[      2.651874]    [#17] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... network_unreachable
[      2.651951]    [#18] GET https://www.pandora.com using [2620:106:e001:f00d::e7]:443... network_unreachable
[      2.652005]    [#14] GET http://www.pandora.com using [2620:106:e001:f00d::e7]:80... network_unreachable
[      2.787162]    control for http://www.pandora.com using https://0.th.ooni.org... in progress
[      2.787228]    [#8] GET https://www.pandora.com using 208.85.41.59:443... in progress
[      2.787264]    [#11] GET https://www.pandora.com using 199.116.164.229:443... in progress
[      2.829676]    prioritySelector: conn 208.85.41.59:80: granted permission: true
[      2.836735]    [#8] GET https://www.pandora.com using 208.85.41.59:443... stop after TLS handshake
[      2.894575]    prioritySelector: conn 199.116.164.229:80: denied permission: timed out sending
[      2.894672]    [#15] GET http://www.pandora.com using 199.116.164.229:80... stop after TCP connect
[      2.999120]    [#11] GET https://www.pandora.com using 199.116.164.229:443... stop after TLS handshake
[      3.015068]    [#12] GET http://www.pandora.com using 208.85.41.59:80... ok
[      3.151839]    [#19] GET https://www.pandora.com using 199.116.164.229:443... in progress
[      3.151843]    [#16] GET https://www.pandora.com using 208.85.41.59:443... in progress
[      3.200618]    [#16] GET https://www.pandora.com using 208.85.41.59:443... stop after TLS handshake
[      3.459648]    [#19] GET https://www.pandora.com using 199.116.164.229:443... stop after TLS handshake
[      3.795212]    control for http://www.pandora.com using https://0.th.ooni.org... ok
[      3.795279]    additional addrs discovered by the TH: []
[      3.795366]    DNS: address 2620:106:e007:f00f::3b: not resolved by TH
[      3.795384]    DNS: address 199.116.164.229: not resolved by TH
[      3.795411]    DNSConsistency: consistent
[      3.798784]    HTTP: body length: MISMATCH (see #12)
[      3.798814]    HTTP: uncommon headers: MISMATCH (see #12)
[      3.798824]    HTTP: title: MISMATCH (see #12)
[      3.798833] 🔥 HTTP: it seems #12 is a case of httpDiff
[      3.798844] 🔥 ANOMALY: flags=16, accessible=false, blocking=http-diff
[      3.802026]    submitting measurement to OONI collector; please be patient...
[      4.013831]    New reportID: 20221003T111648Z_webconnectivity_KH_23673_n1_elFOl4OuPg9oJYlO
[      4.706606]    saving measurement to disk
[      4.708763]    experiment: recv   0.00  byte, sent   0.00  byte
[      4.709456]    sessionresolver: [{"URL":"http3://mozilla.cloudflare-dns.com/dns-query","Score":1},{"URL":"https://cloudflare-dns.com/dns-query","Score":0.9999},{"URL":"http3://cloudflare-dns.com/dns-query","Score":0.91},{"URL":"https://dns.google/dns-query","Score":0},{"URL":"https://dns.quad9.net/dns-query","Score":0},{"URL":"http3://dns.google/dns-query","Score":0},{"URL":"https://mozilla.cloudflare-dns.com/dns-query","Score":0},{"URL":"system:///","Score":0}]
[      4.709632]    whole session: recv   7.29 kbyte, sent  68.57 kbyte

Oct 03 '22 11:10 arky

Another example of similar server side blocking.

./miniooni --emoji [email protected] -i http://pof.com
[      0.000028]    Current time: 2022-10-03 18:45:42 +07
[      0.000058]    miniooni home directory: $HOME/.miniooni
[      0.000170]    Looking up OONI backends; please be patient...
2022/10/03 18:45:42 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
[      0.361562]    sessionresolver: http3://cloudflare-dns.com/dns-query... ok
[      0.987413]    session: using probe services: {Address:https://api.ooni.io Type:https Front:}
[      0.987472]    Looking up your location; please be patient...
[      0.987557]    iplookup: using stun_ekiga
[      1.344601]    - country: KH
[      1.344646]    - network: COGETEL Co., Ltd (AS23673)
[      1.344664]    - resolver's IP: 162.158.161.159
[      1.344675]    - resolver's network: Cloudflare, Inc. (AS13335)
[      1.344770]    [1/1] running with input: http://pof.com
[      1.348254]    [#1] lookup pof.com using system... ok
[      1.369407]    [#2] lookup pof.com using https://dns.quad9.net/dns-query... ok
[      1.404929]    [#3] lookup pof.com using 8.8.4.4:53... ok
[      1.705245]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:172.217.32.130}]
[      1.708001]    DNS whoami for system resolver: [{Address:162.158.161.159}]
[      1.708099]    using resolved addrs: [{Addr:104.18.17.5 Flags:7} {Addr:104.18.16.5 Flags:7}]
[      1.708155]    prioritySelector: create with [{Addr:104.18.17.5 Flags:7} {Addr:104.18.16.5 Flags:7}]
[      1.796100]    prioritySelector: conn 104.18.17.5:80: granted permission: true
[      1.806755]    prioritySelector: conn 104.18.16.5:80: denied permission: timed out sending
[      1.806800]    [#5] GET http://pof.com using 104.18.16.5:80... stop after TCP connect
[      1.897909]    [#6] GET https://pof.com using 104.18.17.5:443... stop after TLS handshake
[      1.900359]    [#7] GET https://pof.com using 104.18.16.5:443... stop after TLS handshake
[      1.904783]    [#4] GET http://pof.com using 104.18.17.5:80... ok
[      2.106247]    sessionresolver: https://cloudflare-dns.com/dns-query... ok
[      2.209432]    control for http://pof.com using https://0.th.ooni.org... in progress
[      2.873229]    control for http://pof.com using https://0.th.ooni.org... ok
[      2.873277]    additional addrs discovered by the TH: []
[      2.873355]    DNSConsistency: consistent
[      2.876529]    HTTP: status code: MISMATCH (see #4)
[      2.876538] 🔥 HTTP: it seems #4 is a case of httpDiff
[      2.876543] 🔥 ANOMALY: flags=16, accessible=false, blocking=http-diff
[      2.878500]    submitting measurement to OONI collector; please be patient...
[      3.087126]    New reportID: 20221003T114545Z_webconnectivity_KH_23673_n1_4xinNQorFrziE8so
[      3.522652]    saving measurement to disk
[      3.523678]    experiment: recv   0.00  byte, sent   0.00  byte
[      3.524408]    sessionresolver: [{"URL":"http3://mozilla.cloudflare-dns.com/dns-query","Score":1},{"URL":"https://cloudflare-dns.com/dns-query","Score":0.9999990000000001},{"URL":"http3://cloudflare-dns.com/dns-query","Score":0.9999910000000001},{"URL":"https://dns.google/dns-query","Score":0},{"URL":"https://dns.quad9.net/dns-query","Score":0},{"URL":"http3://dns.google/dns-query","Score":0},{"URL":"https://mozilla.cloudflare-dns.com/dns-query","Score":0},{"URL":"system:///","Score":0}]
[      3.524581]    whole session: recv   5.43 kbyte, sent  28.90 kbyte

Oct 03 '22 11:10 arky

Another example of server side blocking or redirection

 ./miniooni --emoji  [email protected] -i http://www.sportsinteraction.com
[      0.000022]    Current time: 2022-10-05 22:33:12 +07
[      0.000048]    miniooni home directory: $HOME/.miniooni
[      0.000149]    Looking up OONI backends; please be patient...
2022/10/05 22:33:12 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
[      0.857639]    sessionresolver: http3://cloudflare-dns.com/dns-query... ok
[      1.524250]    session: using probe services: {Address:https://api.ooni.io Type:https Front:}
[      1.524302]    Looking up your location; please be patient...
[      1.524389]    iplookup: using stun_ekiga
[      2.261160]    - country: KH
[      2.261206]    - network: COGETEL Co., Ltd (AS23673)
[      2.261217]    - resolver's IP: 172.70.146.212
[      2.261228]    - resolver's network: Cloudflare, Inc. (AS13335)
[      2.261306]    [1/1] running with input: http://www.sportsinteraction.com
[      2.325433]    [#3] lookup www.sportsinteraction.com using 8.8.4.4:53... ok
[      2.414800]    [#1] lookup www.sportsinteraction.com using system... ok
[      2.620934]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:172.217.43.137}]
[      2.623940]    DNS whoami for system resolver: [{Address:172.70.146.212}]
[      2.762398]    [#2] lookup www.sportsinteraction.com using https://dns.nextdns.io/dns-query... in progress
[      6.262746]    [#2] lookup www.sportsinteraction.com using https://dns.nextdns.io/dns-query... generic_timeout_error
[      6.262817]    using resolved addrs: [{Addr:2606:4700::6812:150a Flags:3} {Addr:104.18.21.10 Flags:3} {Addr:104.18.20.10 Flags:3} {Addr:2606:4700::6812:140a Flags:3}]
[      6.262833]    prioritySelector: create with [{Addr:2606:4700::6812:150a Flags:3} {Addr:104.18.21.10 Flags:3} {Addr:104.18.20.10 Flags:3} {Addr:2606:4700::6812:140a Flags:3}]
[      6.263090]    [#4] GET http://www.sportsinteraction.com using [2606:4700::6812:150a]:80... network_unreachable
[      6.263094]    [#7] GET http://www.sportsinteraction.com using [2606:4700::6812:140a]:80... network_unreachable
[      6.263193]    [#8] GET https://www.sportsinteraction.com using [2606:4700::6812:150a]:443... network_unreachable
[      6.263193]    [#11] GET https://www.sportsinteraction.com using [2606:4700::6812:140a]:443... network_unreachable
[      6.397100]    prioritySelector: conn 104.18.21.10:80: granted permission: true
[      6.408603]    prioritySelector: conn 104.18.20.10:80: denied permission: timed out sending
[      6.408632]    [#6] GET http://www.sportsinteraction.com using 104.18.20.10:80... stop after TCP connect
[      6.541594]    [#10] GET https://www.sportsinteraction.com using 104.18.20.10:443... stop after TLS handshake
[      6.542933]    [#9] GET https://www.sportsinteraction.com using 104.18.21.10:443... stop after TLS handshake
[      6.577550]    [#5] GET http://www.sportsinteraction.com using 104.18.21.10:80... ok
[      6.690703]    sessionresolver: http3://cloudflare-dns.com/dns-query... ok
[      6.764160]    control for http://www.sportsinteraction.com using https://0.th.ooni.org... in progress
[      7.580565]    control for http://www.sportsinteraction.com using https://0.th.ooni.org... ok
[      7.580581]    additional addrs discovered by the TH: []
[      7.580613]    DNSConsistency: consistent
[      7.581857]    HTTP: status code: MISMATCH (see #5)
[      7.581868] 🔥 HTTP: it seems #5 is a case of httpDiff
[      7.581876] 🔥 ANOMALY: flags=16, accessible=false, blocking=http-diff
[      7.583097]    submitting measurement to OONI collector; please be patient...
[      7.801698]    New reportID: 20221005T153319Z_webconnectivity_KH_23673_n1_vBkFTGIggorVGsGD
[      8.250289]    saving measurement to disk
[      8.251447]    experiment: recv   0.00  byte, sent   0.00  byte
[      8.252146]    sessionresolver: [{"URL":"https://cloudflare-dns.com/dns-query","Score":1},{"URL":"http3://mozilla.cloudflare-dns.com/dns-query","Score":1},{"URL":"http3://cloudflare-dns.com/dns-query","Score":1},{"URL":"system:///","Score":0},{"URL":"https://mozilla.cloudflare-dns.com/dns-query","Score":0},{"URL":"http3://dns.google/dns-query","Score":0},{"URL":"https://dns.quad9.net/dns-query","Score":0},{"URL":"https://dns.google/dns-query","Score":0}]
[      8.252387]    whole session: recv   6.72 kbyte, sent  26.63 kbyte

Oct 05 '22 15:10 arky

@bassosimone Updating new tests.

 $ ./miniooni --emoji [email protected] -i http://pandora.com
[      0.000004]    Current time: 2024-01-29 14:16:54 UTC
[      0.000041]    miniooni home directory: $HOME/.miniooni
[      0.000127]    ooniprobe-engine/v3.21.0-alpha 2d9d7ba8bd213df132b63f9c600e0f73d2c53b9d dirty=false go1.20.12
[      0.000339]    Looking up OONI backends; please be patient...
[      0.000517]    httpsDialer: [#1] TCPConnect 162.55.247.208:443... started
[      0.222877]    httpsDialer: [#1] TCPConnect 162.55.247.208:443... ok
[      0.222942]    httpsDialer: [#1] TLSHandshake with 162.55.247.208:443 SNI=www.spreadshirt.com ALPN=[h2 http/1.1]... started
[      0.457537]    httpsDialer: [#1] TLSHandshake with 162.55.247.208:443 SNI=www.spreadshirt.com ALPN=[h2 http/1.1]... ok
[      0.457551]    httpsDialer: [#1] TLSVerifyCertificateChain api.ooni.io... started
[      0.460245]    httpsDialer: [#1] TLSVerifyCertificateChain api.ooni.io... ok
[      0.686677]    session: using probe services: {Address:https://api.ooni.io Type:https Front:}
[      0.686714]    Looking up your location; please be patient...
[      0.686789]    iplookup: using cloudflare
[      0.687342]    sessionresolver: lookup www.cloudflare.com using https://cloudflare-dns.com/dns-query... started
[      0.767849]    sessionresolver: lookup www.cloudflare.com using https://cloudflare-dns.com/dns-query... ok
[      2.857554]    - country: KH
[      2.857569]    - network: COGETEL Co., Ltd (AS23673)
[      2.857572]    - resolver's IP: 172.70.145.156
[      2.857575]    - resolver's network: Cloudflare Inc (AS13335)
[      2.857602]    [1/1] running with input: http://pandora.com
[      2.857720]    [#1] lookup pandora.com using 8.8.4.4:53... started
[      2.857738]    [#2] lookup pandora.com using https://dns.nextdns.io/dns-query... started
[      2.857738]    [#3] lookup pandora.com using system... started
[      2.901873]    [#3] lookup pandora.com using system... ok
[      2.916436]    [#1] lookup pandora.com using 8.8.4.4:53... ok
[      3.358150]    [#2] lookup pandora.com using https://dns.nextdns.io/dns-query... in progress
[      3.839177]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:172.253.211.69}]
[      4.091645]    [#2] lookup pandora.com using https://dns.nextdns.io/dns-query... ok
[      5.140832]    DNS whoami for system resolver: [{Address:172.70.145.156}]
[      5.141060]    using resolved addrs: [{Addr:208.85.40.158 Flags:7} {Addr:2620:106:e003:f00e::64 Flags:7}]
[      5.141106]    prioritySelector: create with [{Addr:208.85.40.158 Flags:7} {Addr:2620:106:e003:f00e::64 Flags:7}]
[      5.141286]    [#5] GET http://pandora.com using [2620:106:e003:f00e::64]:80... started
[      5.141341]    [#6] GET https://pandora.com using 208.85.40.158:443... started
[      5.141347]    control for http://pandora.com using [{Address:https://2.th.ooni.org Type:https Front:} {Address:https://3.th.ooni.org Type:https Front:} {Address:https://0.th.ooni.org Type:https Front:} {Address:https://1.th.ooni.org Type:https Front:} {Address:https://d33d1gs9kpq1c5.cloudfront.net Type:cloudfront Front:d33d1gs9kpq1c5.cloudfront.net}]... started
[      5.141457]    [#7] GET https://pandora.com using [2620:106:e003:f00e::64]:443... started
[      5.141279]    [#4] GET http://pandora.com using 208.85.40.158:80... started
[      5.141696]    [#5] GET http://pandora.com using [2620:106:e003:f00e::64]:80... network_unreachable
[      5.141760]    [#7] GET https://pandora.com using [2620:106:e003:f00e::64]:443... network_unreachable
[      5.142099]    httpsDialer: [#153] TCPConnect 137.184.88.39:443... started
[      5.142651]    sessionresolver: lookup 2.th.ooni.org using https://cloudflare-dns.com/dns-query... started
[      5.287768]    sessionresolver: lookup 2.th.ooni.org using https://cloudflare-dns.com/dns-query... ok
[      5.352202]    httpsDialer: [#153] TCPConnect 137.184.88.39:443... ok
[      5.352250]    httpsDialer: [#153] TLSHandshake with 137.184.88.39:443 SNI=assets.dunelm.com ALPN=[h2 http/1.1]... started
[      5.353579]    prioritySelector: conn 208.85.40.158:80: granted permission: true
[      5.566601]    httpsDialer: [#153] TLSHandshake with 137.184.88.39:443 SNI=assets.dunelm.com ALPN=[h2 http/1.1]... ok
[      5.566641]    httpsDialer: [#153] TLSVerifyCertificateChain 2.th.ooni.org... started
[      5.568213]    redirect to: https://www.pandora.com
[      5.568241]    [#4] GET http://pandora.com using 208.85.40.158:80... ok
[      5.568367]    DNS whoami for 8.8.4.4:53/udp resolver: [{Address:172.253.211.69}]
[      5.568380]    [#8] lookup www.pandora.com using 8.8.4.4:53... started
[      5.568402]    [#9] lookup www.pandora.com using system... started
[      5.568391]    DNS whoami for system resolver: [{Address:172.70.145.156}]
[      5.570634]    httpsDialer: [#153] TLSVerifyCertificateChain 2.th.ooni.org... ok
[      5.642711]    [#6] GET https://pandora.com using 208.85.40.158:443... in progress
[      5.642833]    control for http://pandora.com using [{Address:https://2.th.ooni.org Type:https Front:} {Address:https://3.th.ooni.org Type:https Front:} {Address:https://0.th.ooni.org Type:https Front:} {Address:https://1.th.ooni.org Type:https Front:} {Address:https://d33d1gs9kpq1c5.cloudfront.net Type:cloudfront Front:d33d1gs9kpq1c5.cloudfront.net}]... in progress
[      5.843841]    [#8] lookup www.pandora.com using 8.8.4.4:53... ok
[      5.978175]    [#6] GET https://pandora.com using 208.85.40.158:443... stop after TLS handshake
[      5.985612]    control for http://pandora.com using [{Address:https://2.th.ooni.org Type:https Front:} {Address:https://3.th.ooni.org Type:https Front:} {Address:https://0.th.ooni.org Type:https Front:} {Address:https://1.th.ooni.org Type:https Front:} {Address:https://d33d1gs9kpq1c5.cloudfront.net Type:cloudfront Front:d33d1gs9kpq1c5.cloudfront.net}]... ok
[      5.985656]    additional addrs discovered by the TH: []
[      6.069463]    [#9] lookup www.pandora.com using system... in progress
[      6.429048]    [#9] lookup www.pandora.com using system... ok
[      6.429145]    using resolved addrs: [{Addr:2620:106:e007:f00f::3b Flags:2} {Addr:199.116.164.229 Flags:3} {Addr:2620:106:e001:f00d::e7 Flags:1}]
[      6.429245]    prioritySelector: create with [{Addr:2620:106:e007:f00f::3b Flags:2} {Addr:199.116.164.229 Flags:3} {Addr:2620:106:e001:f00d::e7 Flags:1}]
[      6.429329]    [#12] GET https://www.pandora.com using [2620:106:e001:f00d::e7]:443... started
[      6.429366]    [#10] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... started
[      6.429521]    [#11] GET https://www.pandora.com using 199.116.164.229:443... started
[      6.429610]    [#12] GET https://www.pandora.com using [2620:106:e001:f00d::e7]:443... network_unreachable
[      6.429731]    [#10] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... network_unreachable
[      6.930572]    [#11] GET https://www.pandora.com using 199.116.164.229:443... in progress
[      7.214154]    prioritySelector: conn 199.116.164.229:443: granted permission: true
[      7.477911]    redirect to: https://www.pandora.com/restricted
[      7.477977]    [#11] GET https://www.pandora.com using 199.116.164.229:443... ok
[      7.478114]    using previously-cached addrs: [{Addr:2620:106:e007:f00f::3b Flags:2} {Addr:199.116.164.229 Flags:3} {Addr:2620:106:e001:f00d::e7 Flags:1}]
[      7.478201]    prioritySelector: create with [{Addr:2620:106:e007:f00f::3b Flags:2} {Addr:199.116.164.229 Flags:3} {Addr:2620:106:e001:f00d::e7 Flags:1}]
[      7.478278]    [#15] GET https://www.pandora.com using [2620:106:e001:f00d::e7]:443... started
[      7.478314]    [#14] GET https://www.pandora.com using 199.116.164.229:443... started
[      7.478330]    [#13] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... started
[      7.478544]    [#15] GET https://www.pandora.com using [2620:106:e001:f00d::e7]:443... network_unreachable
[      7.478640]    [#13] GET https://www.pandora.com using [2620:106:e007:f00f::3b]:443... network_unreachable
[      7.979008]    [#14] GET https://www.pandora.com using 199.116.164.229:443... in progress
[      8.283206]    prioritySelector: conn 199.116.164.229:443: granted permission: true
[      8.562781]    [#14] GET https://www.pandora.com using 199.116.164.229:443... ok

Extended Analysis
-----------------
- the final response (transaction: 14) uses TLS: automatic success


[      8.575015]    submitting measurement to OONI collector; please be patient...
[      8.800831]    New reportID: 20240129T141703Z_webconnectivity_KH_23673_n1_1XPfeoYs3WAU3W9T
2024/01/29 21:17:03 Measurement URL: https://explorer.ooni.org/m/20240129141703.827551_KH_webconnectivity_040a68096b277055
[      9.487660]    saving measurement to disk
[      9.495870]    experiment: recv   0.00  byte, sent   0.00  byte
[      9.496263]    whole session: recv   5.98 kbyte, sent  64.32 kbyte

Jan 29 '24 14:01 arky

@bassosimone It seems this issue is resolved with pandora.com. Am going to test with other services that apply country restrictions. Please feel free to close this bug.

Jan 29 '24 14:01 arky

@arky would you mind reporting these issues in https://github.com/ooni/probe/issues/2661? I am trying to consolidate all these alike cases into a single issue for ease of project management and planning. Thank you!

Also, thank you for testing again! I am going to close this issue now!

🙌

Jan 30 '24 13:01 bassosimone

probe probe copied to clipboard

pandora.com: False positive due to country restriction page

probe
probe copied to clipboard