2013/9/16 Kyle Maxwell <kylem@xwell.org>
I also suspect they're doing some level of malware screening. If so, it didn't work too well here - not that this is malware (the author of the original service that created these docs is a personal friend) but it has a lot of similar code / functionality.
Are you suggesting they pull external resources to scan them too? This'd be quite proactive. It remains quite unusual. Some variations of the experiment with: * non suspicious/interesting documents - should trigger well-intended automation as well as interesting documents * boring file formats (like txt) and URLs - do all URLs get pulled or only automatically requested ones? * files that won't load for rendering but would load for a crawler that tries to find malware * you own server so that you may examine all the data send along with the request, like the headers!