cloud.google.com Open in urlscan Pro
2607:f8b0:400d:c02::65 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
Effective URL:
https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/
Submission: On August 11 via api (August 11th 2024, 5:00:31 pm UTC) from LU — Scanned from US

Summary HTTP 68 Redirects Links 43 Behaviour Indicators

Summary

This website contacted 16 IPs in 1 countries across 7 domains to perform 68 HTTP transactions. The main IP is 2607:f8b0:400d:c02::65, located in Morganton, United States and belongs to GOOGLE, US. The main domain is cloud.google.com. The Cisco Umbrella rank of the primary domain is 16356.
TLS certificate: Issued by WR2 on July 30th 2024. Valid for: 3 months.

This is the only time cloud.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:300... 2606:4700:300b::a29f:f17d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:400d:c02::65	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c08::5f	15169 (GOOGLE) (GOOGLE)
10	2607:f8b0:400... 2607:f8b0:4004:c06::5e	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:400d:c01::5e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c07::cf	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4004:c1f::8a	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:400... 2607:f8b0:4004:c17::61	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:400d:c09::5f	15169 (GOOGLE) (GOOGLE)
1 4	2607:f8b0:400... 2607:f8b0:400d:c01::63	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:400d:c0c::9b	15169 (GOOGLE) (GOOGLE)
20 21	172.253.62.148 172.253.62.148	15169 (GOOGLE) (GOOGLE)
10	2607:f8b0:400... 2607:f8b0:400d:c02::9c	15169 (GOOGLE) (GOOGLE)
1 2	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
68	16

1 2606:4700:300b::a29f:f17d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mandiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c02::65 (Morganton, United States)

ASN15169 (GOOGLE, US)

cloud.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4004:c06::5e (Washington, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400d:c01::5e (Morganton, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c07::cf (Morganton, United States)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c1f::8a (Washington, United States)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4004:c17::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c09::5f (Morganton, United States)

ASN15169 (GOOGLE, US)

scone-pa.clients6.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c01::63 (Morganton, United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c0c::9b (Morganton, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 172.253.62.148 (United States) 20 redirects

ASN15169 (GOOGLE, US)
PTR: bc-in-f148.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:400d:c02::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::181 (United States) 1 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c09::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	doubleclick.net 20 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 ad.doubleclick.net — Cisco Umbrella Rank: 210 stats.g.doubleclick.net — Cisco Umbrella Rank: 252	5 KB
26	google.com 2 redirects cloud.google.com — Cisco Umbrella Rank: 16356 apis.google.com — Cisco Umbrella Rank: 225 scone-pa.clients6.google.com — Cisco Umbrella Rank: 4751 www.google.com — Cisco Umbrella Rank: 10 adservice.google.com — Cisco Umbrella Rank: 468 analytics.google.com — Cisco Umbrella Rank: 238	211 KB
17	gstatic.com www.gstatic.com fonts.gstatic.com	683 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	765 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110 storage.googleapis.com — Cisco Umbrella Rank: 492	1 MB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
1	mandiant.com 1 redirects www.mandiant.com	710 B
68	7

	Domain	Requested by
21	ad.doubleclick.net	20 redirects
10	adservice.google.com
10	www.gstatic.com	cloud.google.com www.gstatic.com
9	www.googletagmanager.com	www.gstatic.com www.googletagmanager.com
7	fonts.gstatic.com	cloud.google.com fonts.googleapis.com
4	googleads.g.doubleclick.net	www.googletagmanager.com
4	www.google.com	1 redirects
4	apis.google.com	www.gstatic.com apis.google.com scone-pa.clients6.google.com
4	cloud.google.com	www.gstatic.com
2	analytics.google.com	1 redirects www.googletagmanager.com
2	scone-pa.clients6.google.com	apis.google.com
1	www.google-analytics.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	storage.googleapis.com	cloud.google.com
1	fonts.googleapis.com	cloud.google.com
1	www.mandiant.com	1 redirects
68	16

This site contains links to these domains. Also see Links.

Domain
console.cloud.google.com
mapsplatform.google.com
workspace.google.com
twitter.com
www.linkedin.com
www.facebook.com
services.google.com
github.com
learn.microsoft.com
gist.github.com
attack.mitre.org
www.twitter.com
www.youtube.com
www.instagram.com
myaccount.google.com
support.google.com

Subject Issuer	Validity	Valid
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
storage.googleapis.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.apis.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.googleapis.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/
Frame ID: DC7F2E09EC79C029F13152BC01C85348
Requests: 65 HTTP requests in this frame

Frame: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.pGGAptgAK4s.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g%2Fm%3D__features__
Frame ID: 437715296CB4846E8AD031B0DC4650A7
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant | Google Cloud Blog

Page URL History Show full URLs

https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government HTTP 301
https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-gove... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

68
Requests

69 %
HTTPS

94 %
IPv6

7
Domains

16
Subdomains

16
IPs

1
Countries

2714 kB
Transfer

6997 kB
Size

10
Cookies

43 Outgoing links

These are links going to different origins than the main page.

URL: https://console.cloud.google.com/freetrial/
Title: Get started for free

Search URL Search Domain Scan URL

URL: https://mapsplatform.google.com/resources/blog/
Title: Google Maps Platform

Search URL Search Domain Scan URL

URL: https://workspace.google.com/blog
Title: Google Workspace

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20@googlecloud&url=https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government&title=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?caption=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government&u=https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government

Search URL Search Domain Scan URL

URL: https://services.google.com/fh/files/blogs/perspectives_on_security_volume_one_digital.pdf
Title: supply chain

Search URL Search Domain Scan URL

URL: https://github.com/ph4ntonn/Stowaway
Title: publicly available backdoor and proxy

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup?view=windows-11
Title: upon completion of the Windows installation but before the end user is able to use the device

Search URL Search Domain Scan URL

URL: https://github.com/DeltoidDelta/Remove-MS-Telemetry-and-Annoyances/blob/master/remove_MS_telemetry.cmd
Title: remove_MS_telemetry.cmd by DeltoidDelta

Search URL Search Domain Scan URL

URL: https://gist.github.com/poudyalanil/ed1a7ed5603805833ca41cbaccefe0d5
Title: activate.cmd by Poudyalanil (originally wiredroid)

Search URL Search Domain Scan URL

URL: https://github.com/ethanpil/sheret
Title: Sheret

Search URL Search Domain Scan URL

URL: https://github.com/microsoft/Windows-universal-samples/blob/main/Samples/CustomCapability/Service/Client/smbios.cpp
Title: Microsoft on Github

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1195/002/
Title: T1195.002:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1136/
Title: T1136:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1543/003/
Title: T1543.003:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1049/
Title: T1049:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047/
Title: T1047:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: T1059:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/001/
Title: T1059.001:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/005/
Title: T1059.005:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1569/002/
Title: T1569.002:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/
Title: T1027:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055/
Title: T1055:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140/
Title: T1140:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1218/011/
Title: T1218.011:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/004/
Title: T1562.004:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1574/011/
Title: T1574.011:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071/004/
Title: T1071.004:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1090/003/
Title: T1090.003:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1095/
Title: T1095:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1573/002/
Title: T1573.002:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1587/002/
Title: T1587.002:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1588/004/
Title: T1588.004:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1608/003
Title: T1608.003:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.youtube.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/google-cloud

Search URL Search Domain Scan URL

URL: https://www.instagram.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/privacypolicy?hl=en-US
Title: Privacy

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/termsofservice?hl=en-US
Title: Terms

Search URL Search Domain Scan URL

URL: https://support.google.com/
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government HTTP 301
https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1756857556.1723395626&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&dma=0&npa=0&gtm=45He4880n91NS2VGJGHv9175119176za200zb6343254&auid=962460441.1723395626 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1756857556.1723395626&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&dma=0&npa=0&gtm=45He4880n91NS2VGJGHv9175119176za200zb6343254&auid=962460441.1723395626

Request Chain 36

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=*;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 38

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=*;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 40

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=*;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 42

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=*;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 44

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=*;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 46

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=*;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 48

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=*;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 50

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=*;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 52

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=*;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 54

https://ad.doubleclick.net/activity;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=962460441.1723395626;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=962460441.1723395626;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=*;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 61

https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4880v873759632z8897536842za200zb897536842&_p=1723395625864&gcs=G111&gcd=13r3r3l3l5&npa=0&dma=0&tag_exp=0&cid=1275627900.1723395627&ul=en-us&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=2&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&sid=1723395626&sct=1&seg=1&dt=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=page_view&_c=1&ep.is_queued=false&epn.event_number=1&epn.queue_batch_number=1&epn.queue_batch_hit_number=0&ep.country=US&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&epn.page_client_height=19903&epn.page_client_width=1600&ep.page_first_published=2024-03-25%2017%3A03%3A00&ep.page_hosting_platform=blog_boq&ep.page_last_published=2022-12-15%2002%3A12%3A00&ep.page_post_author=mandiant%20&ep.page_post_author_role=&ep.page_post_labels=threat%20intelligence&ep.page_post_title=trojanized%20windows%2010%20operating%20system%20installers%20targeted%20ukrainian%20government%20%7C%20mandiant&ep.page_original_url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&ep.non_interaction=false&ep.has_cj_refparam=false&ep.is_eea=false&_et=7&tfd=5147 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1275627900.1723395627&dbk=14297998351074082348&dma=0&en=page_view&gcs=G111&gtm=45je4880v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F

68 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/
Redirect Chain

https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

288 KB
56 KB

172ms
85ms

Document
text/html

2607:f8b0:400d:c02::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c02::65 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13ec6ab90a1ae7a5146479e6adc42c3affc7b519319bf35925673166d807ff69

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wK8qK2PNa5jK_nVJ3EpNww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-wK8qK2PNa5jK_nVJ3EpNww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Sun, 11 Aug 2024 17:00:21 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/blog/_/TransformBlogUi/web-reports?context=eJzjytHikmLw0ZBiiHv6mCnP4AlTARA_zn3C9BSIWR89Ybq45ylTqdhLJomvL5m0gLhA9hXT7k_TWJ3SZ7CGALFP_QzWOCBuvXmOdToQJ_07z1oCxGquF1iXRFxkPZJ4kdVQ4RKrMxAL8XAsvfN4K5vAgakHbzApaSflF8Yn5-SXplTolqcm6Sbl5KfrlmYWpxaVpRbFGxkYmRhYGFjoGZjHFxgAAB3ZQ3U"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

Redirect headers

cache-control: max-age=3600
cf-ray: 8b19c80a1bc00cd9-EWR
content-length: 167
content-type: text/html
date: Sun, 11 Aug 2024 17:00:21 GMT
expires: Sun, 11 Aug 2024 18:00:21 GMT
location: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/
server: cloudflare
vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 64ms
31ms Stylesheet
text/css 2607:f8b0:4004:c08::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

800f633202ce8f9164b880fd6ed86fc0673a476462c0df7ada22f14b7acd7725

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Aug 2024 17:00:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:53:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Aug 2024 17:00:21 GMT

GET
H2 200 m=articleview,_b,_tp
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/ed=1/rs=AHrnUqXyyGLWmBVQkiocKQyBkKbjMEg8oQ/ 2 MB
185 KB 47ms
14ms Stylesheet
text/css 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/ed=1/rs=AHrnUqXyyGLWmBVQkiocKQyBkKbjMEg8oQ/m=articleview,_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed9b3790b11ff0b6752e328ba8bbfc14b013e53c2dbaa37e4871a44b25aa359

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 09:19:36 GMT
age: 27645
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188656
x-xss-protection: 0
last-modified: Wed, 07 Aug 2024 20:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/css; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 09:19:36 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/am=cMFAsw/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqVok5hskMQxoxWcTLQ-qB... 188 KB
66 KB 87ms
55ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/am=cMFAsw/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqVok5hskMQxoxWcTLQ-qBX6BZMEhA/m=_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1359acae8635f527eb4c980d060dfe9df6658e5b1a7a0f9adc0732cdfc5a81d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67421
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 00:13:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 17:00:21 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ 33 KB
33 KB 111ms
48ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 02:20:08 GMT
x-content-type-options: nosniff
age: 484817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 02:20:08 GMT

GET
H2 200 pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
fonts.gstatic.com/s/productsans/v9/ 31 KB
31 KB 82ms
21ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 02:30:50 GMT
x-content-type-options: nosniff
age: 484175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31568
x-xss-protection: 0
last-modified: Mon, 15 Aug 2016 20:30:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 02:30:50 GMT

GET
H2 200 5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 27ms
18ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 02:51:57 GMT
x-content-type-options: nosniff
age: 482908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15996
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 20:31:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 02:51:57 GMT

GET
H2 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 30ms
22ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 02:51:57 GMT
x-content-type-options: nosniff
age: 482908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16396
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 20:32:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 02:51:57 GMT

GET
H2 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 40ms
33ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06e60764f2f683ef1562780a928735ca90bd7ff7b7376d2818c8445be9c29669

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 03:03:33 GMT
x-content-type-options: nosniff
age: 482212
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15988
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 20:32:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 03:03:33 GMT

GET
H2 200 5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 31ms
25ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f0c9a6824743e74e287574ef92dc872cbd02f44b9285f0564381b3d9b9173cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 02:49:03 GMT
x-content-type-options: nosniff
age: 483082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16716
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 20:32:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 02:49:03 GMT

GET
H2 200 5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTtDO_.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 34ms
28ms Font
font/woff2 2607:f8b0:400d:c01::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUr9-KzpRiLCAt4Unrc-xIKmCU5qE9OMmpTtDO_.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00b63756d03524e882502d8e92b322a0001d5f1dcd84d73a29084be49b2d2638

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cloud.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 04:39:50 GMT
x-content-type-options: nosniff
age: 476435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16656
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 20:32:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Aug 2025 04:39:50 GMT

GET
H2 200 ukraine-fig1-iso_qqfo.max-1600x1600.png
storage.googleapis.com/gweb-cloudblog-publish/images/ 1 MB
1 MB 202ms
139ms Image
image/png 2607:f8b0:400d:c07::cf
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/gweb-cloudblog-publish/images/ukraine-fig1-iso_qqfo.max-1600x1600.png
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/trojanized-windows-installers-ukrainian-government/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c07::cf Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 7f128b087985bf2979e5b85f9e601f3bd1a016fcce801cab16186d833dbe8db4

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:25 GMT
x-guploader-uploadid: AHxI1nN6A6fG8JP-1dl9ww0wyARVKKfZxkowiJdLFrnke27sJ7gDYsOB_Ee85gx0F4iYmOf3Rjc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1073952
last-modified: Mon, 12 Feb 2024 14:51:07 GMT
server: UploadServer
etag: "f11268f0b1ab9584137d031aa8f3c1fe"
x-goog-generation: 1707749467326678
content-type: image/png
x-goog-hash: crc32c=cS2ASQ==, md5=8RJo8LGrlYQTfQMaqPPB/g==
cache-control: public, max-age=3600
x-goog-stored-content-length: 1073952
accept-ranges: bytes
expires: Sun, 11 Aug 2024 18:00:25 GMT

GET
DATA 200
OK truncated
/ 140 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,... Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=_b,_tp/excm=... 495 KB
154 KB 38ms
36ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqULPhSwYnF1f14uwvI2_oyQrEytQA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,BBI74,VwDzFe,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/am=cMFAsw/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqVok5hskMQxoxWcTLQ-qBX6BZMEhA/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fc5c770608838471666ef4d11c58cecf48404fa43d71b1e5837b482f7cf1dd9

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 157516
x-xss-protection: 0
last-modified: Wed, 07 Aug 2024 20:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 17:00:25 GMT

GET
H2 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,... 3 KB
2 KB 20ms
19ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqULPhSwYnF1f14uwvI2_oyQrEytQA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e3b66df4bbf9cbb275c91602a9c14c7ba2730b9d4d35a3d9715340767e0f8fd

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1682
x-xss-protection: 0
last-modified: Wed, 07 Aug 2024 20:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 17:00:25 GMT

GET
H3 200 m=NsSboe Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,... 10 KB
3 KB 21ms
19ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,FCpbqb,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,WhJNk,Wt6vjf,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,hhhU8,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqULPhSwYnF1f14uwvI2_oyQrEytQA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=NsSboe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b26d0d8473c69eaa53018dec453dc43e3f114e200813dc042c8aa29e8d342af

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2937
x-xss-protection: 0
last-modified: Wed, 07 Aug 2024 20:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 17:00:25 GMT

GET
H3 200 favicon.ico
www.gstatic.com/cloud/images/icons/ 5 KB
1 KB 18ms
17ms Other
image/x-icon 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cloud/images/icons/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 16:44:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 975
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1046
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 04:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/x-icon
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 11 Aug 2025 16:44:10 GMT

GET
H3 200 lazy.min.js Show response
www.gstatic.com/feedback/js/help/prod/service/ 120 KB
120 KB 16ms
16ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqULPhSwYnF1f14uwvI2_oyQrEytQA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,BBI74,VwDzFe,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12294a42b0a11aa0fe7c76e34f86f50ecd77286e3312825eb64927af2a295e24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 16:49:04 GMT
x-content-type-options: nosniff
age: 681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122408
x-xss-protection: 0
last-modified: Thu, 08 Aug 2024 19:29:54 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="product-feedback-gathering"
vary: Accept-Encoding, Origin
report-to: {"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Aug 2024 17:39:04 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,... 21 KB
7 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,FCpbqb,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,WhJNk,Wt6vjf,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,hhhU8,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqULPhSwYnF1f14uwvI2_oyQrEytQA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ddd033477827cc6447dab40a2cf3c1581a17ed177f49582a5ee799644ec4ef3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7359
x-xss-protection: 0
last-modified: Wed, 07 Aug 2024 20:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 17:00:25 GMT

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,... 1 KB
785 B 17ms
16ms Script
text/javascript 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.m4zPLLxJw04.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.CO2WmKDTSMk.L.B1.O/am=cMFAsw/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,FCpbqb,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,WhJNk,Wt6vjf,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,hhhU8,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqULPhSwYnF1f14uwvI2_oyQrEytQA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40e1473bf781226e68aff7be9b75a06d9c673ad6daf7a67b6d0e5ace95bbd148

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 760
x-xss-protection: 0
last-modified: Wed, 07 Aug 2024 20:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Aug 2025 17:00:25 GMT

GET
H3 200 2a.json Show response
www.gstatic.com/glue/cookienotificationbar/config/ 22 B
67 B 36ms
20ms Fetch
application/json 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/glue/cookienotificationbar/config/2a.json?hl=en

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0a1f98fca203b8561519a06bacfdc50e4b3c4a5a71e740da5b0875bd4fc00d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/gstatic
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"uxe-owners-acl/gstatic","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/gstatic"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="uxe-owners-acl/gstatic"
expires: Sun, 11 Aug 2024 17:00:25 GMT

GET
H2 200 pingz Show response
cloud.google.com/__/ 142 B
361 B 97ms
95ms Fetch
application/json 2607:f8b0:400d:c02::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/__/pingz?platform=boq&page=%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&ifgr=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c02::65 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9bbc353358d09e30d5c248e9e5d053c0f85af122e91655afd31ef5e19a8a13cf

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
content-encoding: gzip
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 client.js Show response
apis.google.com/js/ 15 KB
6 KB 56ms
18ms Script
text/javascript 2607:f8b0:4004:c1f::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9faa744390dc5268b11bae392eb153c776d54fbfb0398f183a11a60843066f7

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5918
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "db6b0af14ed0db77"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 17:00:25 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 193 KB
68 KB 67ms
35ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5e8a44681d4bcfdb497562096b7867a5ff388a55ee30b6aa62ad21584398309b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69254
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:25 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.pGGAptgAK4s.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g/ 325 KB
111 KB 17ms
16ms Script
text/javascript 2607:f8b0:4004:c1f::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.pGGAptgAK4s.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dfafdd876d82f0af3e9ca1a3603e69ec3814a81956426743f38f424af930f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sat, 10 Aug 2024 14:17:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113460
x-xss-protection: 0
last-modified: Thu, 11 Jul 2024 18:55:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Aug 2025 14:17:31 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 316 KB
93 KB 44ms
43ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d86e693bffef5f846b73688d72daadefec9584c0b10ed6549ad26b6b1297a721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95124
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 307 KB
92 KB 27ms
27ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

babd5969fb08a9b670e896e2c1743c15e05459ece642b4e9d324fbefaf230eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94003
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H2 200 proxy.html Show response
scone-pa.clients6.google.com/static/ Frame 4377 432 B
866 B 104ms
25ms Document
text/html 2607:f8b0:400d:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.pGGAptgAK4s.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.pGGAptgAK4s.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

8a1163d424536284da4c8c1009992678363eb4911b8aaab6ed12231d2d438a6e

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-uqvV32DZXYJ7UjM_rBlmeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 290
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uqvV32DZXYJ7UjM_rBlmeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp; report-to="gapi"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Aug 2024 17:00:26 GMT
report-to: {"group":"gapi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi"}]}
server: scaffolding on HTTPServer2
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1756857556.1723395626&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-insta...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1756857556.1723395626&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-...

42 B
65 B

73ms
26ms

Ping
image/gif

2607:f8b0:400d:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1756857556.1723395626&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&dma=0&npa=0&gtm=45He4880n91NS2VGJGHv9175119176za200zb6343254&auid=962460441.1723395626

Protocol

Server

2607:f8b0:400d:c0c::9b Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1756857556.1723395626&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&dma=0&npa=0&gtm=45He4880n91NS2VGJGHv9175119176za200zb6343254&auid=962460441.1723395626
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 266 KB
91 KB 67ms
61ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f62767b06e6cc559cbfbcd7ac0abe0e291bcf288c98d2cd5757b8bea0433041a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93633
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 270 KB
92 KB 65ms
61ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c057851cac948c6b65929d186571f0b4538875ee73efb6e7a7b509c2b04449ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94457
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 207 KB
75 KB 37ms
33ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ed54cf3945709a4a412ed70c224b7086bf664d709e0712e7073e9e22c175fdf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76717
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 216 KB
77 KB 30ms
27ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-2507573&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

402d3633ea3d1c150e200c50c5012a673103dfca271db245de3e4c9053fe84b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79073
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 240 KB
85 KB 54ms
51ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a67a9d4c707a47e69562dfad830c06842193eeea6520199e339077c0e0b51224

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87207
x-xss-protection: 0
last-modified: Sun, 11 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 googleapis.proxy.js Show response
apis.google.com/js/ Frame 4377 15 KB
6 KB 22ms
21ms Script
text/javascript 2607:f8b0:4004:c1f::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/googleapis.proxy.js?onload=startup

Requested by

Host: scone-pa.clients6.google.com
URL: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.pGGAptgAK4s.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa1e7a613ee91833c1f4fe3094bec8144fd87c9453dd56f413830555421ab7e2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scone-pa.clients6.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5918
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "a9453d579d736b0f"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 262 KB
90 KB 39ms
37ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c648c9a771983e2d5d1f66b9a696c62e91f69e05580341a24ff0424a80e386d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92606
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 11 Aug 2024 17:00:26 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.pGGAptgAK4s.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g/ Frame 4377 81 KB
28 KB 18ms
17ms Script
text/javascript 2607:f8b0:4004:c1f::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.pGGAptgAK4s.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8596ae65de1978c406672bf51ba42dd95d1bf92e6ebd785aab7bb158bebed246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scone-pa.clients6.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

date: Sat, 10 Aug 2024 16:44:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87371
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28985
x-xss-protection: 0
last-modified: Thu, 11 Jul 2024 18:55:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Aug 2025 16:44:15 GMT

GET
H3

200

dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=*;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=...
https://ad.doubleclick.net/activity;dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=541248762;uaa=;uab=;...
https://adservice.google.com/ddm/fls/z/dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=*;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

482ms
465ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=*;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPj_-YC17YcDFWs0-QAdL1MTNQ;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=*;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;psc...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=*;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1540728183;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=*;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

198ms
152ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=*;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CLz9-YC17YcDFcgX-QAd8usvdQ;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=*;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=*;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=...
https://ad.doubleclick.net/activity;dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1338117932;uaa=;uab=;...
https://adservice.google.com/ddm/fls/z/dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=*;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

510ms
463ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=*;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CIv8-YC17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=*;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;psc...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=*;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1051716714;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=*;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

458ms
457ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=*;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CNS-_4C17YcDFRIa-QAdQrYSCg;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=*;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=*;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gt...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0...
https://ad.doubleclick.net/activity;dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=593389864;uaa=;uab=;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=*;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam...

42 B
63 B

461ms
461ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=*;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CIa5_4C17YcDFUM0-QAdBP0H3A;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=*;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscd...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=*;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=...
https://ad.doubleclick.net/activity;dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=560397364;uaa=;uab=;...
https://adservice.google.com/ddm/fls/z/dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=*;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

202ms
201ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=*;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CP26_4C17YcDFZAj-QAd5EMXcg;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=*;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;psc...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=*;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=2061401906;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=*;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

200ms
198ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=*;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CNm7_4C17YcDFVIa-QAd-PIPvg;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=*;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=*;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1463713571;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=*;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

450ms
450ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=*;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CIG6_4C17YcDFf8U-QAdDuIpFA;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=*;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=*;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gt...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0...
https://ad.doubleclick.net/activity;dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=40177009;uaa=;uab=;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=*;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam...

42 B
63 B

425ms
424ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=*;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CLy-_4C17YcDFUQn-QAdqLc4sA;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=*;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscd...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=*;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=962460441.1723395626;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=...
https://ad.doubleclick.net/activity;dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=962460441.1723395626;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=*;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;...

42 B
63 B

459ms
458ms

Image
image/gif

2607:f8b0:400d:c02::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=*;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

2607:f8b0:400d:c02::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CL64_4C17YcDFZgX-QAdRcgT6w;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=*;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activity;register_conversion=1;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=962460441.1723395626;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi...
ad.doubleclick.net/ 0
23 B 87ms
84ms Image
image/png 172.253.62.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=2507573;type=cloud;cat=enter006;ord=3022741808855;npa=0;auiddc=962460441.1723395626;ps=1;pcor=2047261423;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f148.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"877811393473144877"}],"aggregatable_trigger_data":[{"filters":[{"14":["6459966"]}],"key_piece":"0x833517009902bb22","source_keys":["12","13","14","15","16","17","18","19","20","21","628469716","628469717","628469718","628469719","628837988","628837989","628837990","628837991","628858696","628858697","628858698","628858699","638596132","638596133","638596134","638596135","638600536","638600537","638600538","638600539","638615612","638615613","638615614","638615615","900133408","900133409","900133410","900133411","900138148","900138149","900138150","900138151","900154120","900154121","900154122","900154123"]},{"key_piece":"0xc77515c574d7c1c0","not_filters":{"14":["6459966"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628469716","628469717","628469718","628469719","628837988","628837989","628837990","628837991","628858696","628858697","628858698","628858699","638596132","638596133","638596134","638596135","638600536","638600537","638600538","638600539","638615612","638615613","638615614","638615615","900133408","900133409","900133410","900133411","900138148","900138149","900138150","900138151","900154120","900154121","900154122","900154123"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628469716":32,"628469717":32,"628469718":32,"628469719":3177,"628837988":32,"628837989":32,"628837990":32,"628837991":3177,"628858696":32,"628858697":32,"628858698":32,"628858699":3177,"638596132":38,"638596133":38,"638596134":38,"638596135":3739,"638600536":59,"638600537":59,"638600538":59,"638600539":5778,"638615612":32,"638615613":32,"638615614":32,"638615615":3177,"900133408":36,"900133409":36,"900133410":36,"900133411":3530,"900138148":43,"900138149":43,"900138150":43,"900138151":4237,"900154120":34,"900154121":34,"900154122":34,"900154123":3345},"debug_key":"2886777820413252172","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"877811393473144877","filters":[{"14":["6459966"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"877811393473144877","filters":[{"14":["6459966"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"877811393473144877","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"877811393473144877","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["2507573"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/16541431319/ 3 KB
1 KB 33ms
32ms Script
text/javascript 2607:f8b0:400d:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16541431319/?random=1723395626375&cv=11&fst=1723395626375&bg=ffffff&guid=ON&async=1&gtm=45be4880v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&hn=www.googleadservices.com&frm=0&tiba=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=962460441.1723395626&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0c::9b Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ce39385052151183a2627cd228b6dd1ef06e195a03de109034c6ed9bc8fa6f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1479
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10836211492/ 3 KB
1 KB 38ms
38ms Script
text/javascript 2607:f8b0:400d:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10836211492/?random=1723395626411&cv=11&fst=1723395626411&bg=ffffff&guid=ON&async=1&gtm=45be4880v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&hn=www.googleadservices.com&frm=0&tiba=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=962460441.1723395626&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0c::9b Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

473346e8f47351f1af3f2567ce084bc9ff2139381203d65dde32db20f8a021b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1477
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11082232239/ 3 KB
1 KB 37ms
36ms Script
text/javascript 2607:f8b0:400d:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11082232239/?random=1723395626447&cv=11&fst=1723395626447&bg=ffffff&guid=ON&async=1&gtm=45be4880v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&hn=www.googleadservices.com&frm=0&tiba=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=962460441.1723395626&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0c::9b Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9635f474475fe0632d377b13440563175644f8c17fe4b56fa19c6937c2dde3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1476
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 57ms
22ms Fetch
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4880v873759632z8897536842za200zb897536842&_p=1723395625864&_gaz=1&gcs=G111&gcd=13r3r3l3l5&npa=0&dma=0&tag_exp=0&cid=1275627900.1723395627&ul=en-us&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&sid=1723395626&sct=1&seg=0&dt=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=active_experiments&_fv=1&_nsi=1&_ss=1&ep.is_queued=false&epn.event_number=0&epn.queue_batch_number=0&epn.queue_batch_hit_number=0&ep.country=US&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&ep.non_interaction=true&ep.active_experiments=48554501%2C48830069%2C48610513%2C97442199%2C97535270%2C97608132%2C48887082%2C93778619%2C1714252%2C97517172%2C48509040%2C48524773%2C93874004%2C48897392%2C97656899%2C1706538%2C93880158%2C48489822%2C97442181%2C97605796%2C48887064%2C97517154%2C48509038%2C48524771%2C93873986%2C97656881%2C93880140&ep.has_cj_refparam=false&ep.is_eea=false&tfd=5137
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cloud.google.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
245 B 81ms
21ms Ping
text/plain 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-WH2QY8WWF5&cid=1275627900.1723395627&gtm=45je4880v873759632z8897536842za200zb897536842&aip=1&dma=0&gcs=G111&gcd=13r3r3l3l5&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cloud.google.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4880v873759632z8897536842za200zb897536842&_p=1723395625864&gcs=G111&gcd=13r3r3l3l5&npa=0&dma=0&tag_exp=0&cid=1275627900.172339562...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1275627900.1723395627&dbk=14297998351074082348&dma=0&en=page_view&gcs=G111&gtm=45je4880v873759632z8897536842za200zb8975...

0
0

52ms
24ms

Fetch
text/plain

2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1275627900.1723395627&dbk=14297998351074082348&dma=0&en=page_view&gcs=G111&gtm=45je4880v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F
Protocol: H2
Server: 2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1275627900.1723395627&dbk=14297998351074082348&dma=0&en=page_view&gcs=G111&gtm=45je4880v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 506
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/16541431319/ 42 B
64 B 30ms
29ms Image
image/gif 2607:f8b0:400d:c01::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/16541431319/?random=1723395626375&cv=11&fst=1723395600000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&hn=www.googleadservices.com&frm=0&tiba=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=962460441.1723395626&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfujLZRok99sG-7VSl1WT4KaoU4GFHZkMfCqUV3hVMq5M6FyWo&random=3823286618&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::63 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10836211492/ 42 B
64 B 31ms
30ms Image
image/gif 2607:f8b0:400d:c01::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10836211492/?random=1723395626411&cv=11&fst=1723395600000&bg=ffffff&guid=ON&async=1&gtm=45be4880v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&hn=www.googleadservices.com&frm=0&tiba=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=962460441.1723395626&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf00LWZFlJxVhesPf3BrQlriVvBEiPyv3_IJwQwtR3Nt9hHbla&random=786002785&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::63 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/11082232239/ 42 B
64 B 29ms
29ms Image
image/gif 2607:f8b0:400d:c01::63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11082232239/?random=1723395626447&cv=11&fst=1723395600000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftrojanized-windows-installers-ukrainian-government%2F&hn=www.googleadservices.com&frm=0&tiba=Trojanized%20Windows%2010%20Operating%20System%20Installers%20Targeted%20Ukrainian%20Government%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=962460441.1723395626&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfPB9kNivckD6pw256u-Zr7NAwtKdoOfODaMLim3WCJjzz5sgu&random=1467952658&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::63 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Aug 2024 17:00:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 trigger_anonymous Show response
scone-pa.clients6.google.com/v1/survey/trigger/ Frame 4377 33 B
217 B 38ms
35ms XHR
application/json+protobuf 2607:f8b0:400d:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.pGGAptgAK4s.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eb73ed3f9cc729604c26b3932945af24bc1eef53595aacb062afa1425e18ef2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Goog-Encode-Response-If-Executable: base64
X-Origin: https://cloud.google.com
X-ClientDetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F115.0.5790.24%20Safari%2F537.36&platform=Linux%20x86_64&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F115.0.5790.24%20Safari%2F537.36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36
Content-Type: application/json+protobuf
Referer: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.pGGAptgAK4s.O%2Fam%3DAAAg%2Fd%3D1%2Frs%3DAHpOoo-Cic-4VdRMZ7mFCYOA3wzpF7O-6g%2Fm%3D__features__
X-Goog-Api-Key: AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg
X-Requested-With: XMLHttpRequest
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Referer: https://cloud.google.com

Response headers

strict-transport-security: max-age=10886400; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Aug 2024 17:00:26 GMT
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
x-xss-protection: 0

POST
H3 200 log Show response
cloud.google.com/ 131 B
155 B 57ms
55ms Fetch
text/plain 2607:f8b0:400d:c02::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::65 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 11 Aug 2024 17:00:28 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cloud.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 11 Aug 2024 17:00:28 GMT

POST
H3 200 browserinfo Show response
cloud.google.com/blog/_/TransformBlogUi/ 90 B
130 B 88ms
86ms XHR
application/json 2607:f8b0:400d:c02::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/_/TransformBlogUi/browserinfo?f.sid=8457430484702968505&bl=boq_cloudx-web-blog-uiserver_20240808.07_p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=25229&rt=j

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::65 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d15ccf1a35698caf5632616d47e1ce6f846690e1fb37b2378f4d3cb25b9380e2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.24 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sun, 11 Aug 2024 17:00:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
content-encoding: gzip
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=3102741566008;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=541248762;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5070280728085;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1540728183;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=276334452246;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1338117932;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5389194496388;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1051716714;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=847552672112;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=593389864;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=1988256730423;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=560397364;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5265375444132;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=2061401906;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4771219819118;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=1463713571;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=8605578495680;npa=0;auiddc=962460441.1723395626;u6=US;ps=1;pcor=40177009;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mandiant.com/	1970-01-20 22:43:17	Name: __cf_bm Value: l21NuvBhRzk0PHNq8hDJFvRmthsxg8HkqvkZkUL1etg-1723395621-1.0.1.1-RqkZ_U7jiVNIevOL6YWzrzARQpbUSSUcRV5Kn47MtnmF3wC2IQcjkqra5_kZOgOdVpMTcNUl4WzuzNcqHg2cQg
.mandiant.com/	1969-12-31 23:59:59	Name: _cfuvid Value: fEiU58SuKwSb4f8nx27z7aWLW6OHT2JZ1xl5gAwvcjk-1723395621487-0.0.1.1-604800000
cloud.google.com/	1970-01-20 23:26:27	Name: OTZ Value: 7684860_96_96__96_
cloud.google.com/	1970-01-21 03:02:27	Name: __utmz Value: 1.utmcsr=(direct)\|utmcmd=(none)\|utmccn=(direct)
.cloud.google.com/	1970-01-21 00:52:51	Name: _gcl_au Value: 1.1.962460441.1723395626
.doubleclick.net/	1970-01-21 08:19:15	Name: IDE Value: AHWqTUl1OSKQzMJzkWduajetL1MYTszpUHMS1G61yY_PGBryWVdSidPlxMbzPeEx
.cloud.google.com/	1970-01-21 08:19:15	Name: _ga Value: GA1.1.1275627900.1723395627
.doubleclick.net/	1970-01-20 23:26:27	Name: ar_debug Value: 1
.cloud.google.com/	1970-01-21 08:19:15	Name: _ga_WH2QY8WWF5 Value: GS1.1.1723395626.1.1.1723395626.60.0.0
.google.com/	1970-01-21 03:06:46	Name: NID Value: 516=XCMvuExuVQGF9jWkdxWHps5HGWWmjck3QuDPUmOws8buZ393bx-x17__s2-CbbdlmEStESyjsa6gGOqDxxngzfCTvDBp3Q_0LdQJjK5ubZrRA0PDyKVh1_HB69Kpx-Hcl_c75X0rM3jiykEIsU-8mbrUlNmvIlyzN0wOSRr_A-qyQ-Q

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wK8qK2PNa5jK_nVJ3EpNww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
analytics.google.com
apis.google.com
cloud.google.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
scone-pa.clients6.google.com
stats.g.doubleclick.net
storage.googleapis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.mandiant.com
ad.doubleclick.net
172.253.62.148
2001:4860:4802:34::178
2001:4860:4802:34::181
2606:4700:300b::a29f:f17d
2607:f8b0:4004:c06::5e
2607:f8b0:4004:c08::5f
2607:f8b0:4004:c17::61
2607:f8b0:4004:c1f::8a
2607:f8b0:400d:c01::5e
2607:f8b0:400d:c01::63
2607:f8b0:400d:c02::65
2607:f8b0:400d:c02::9c
2607:f8b0:400d:c07::cf
2607:f8b0:400d:c09::5f
2607:f8b0:400d:c09::9c
2607:f8b0:400d:c0c::9b
00b63756d03524e882502d8e92b322a0001d5f1dcd84d73a29084be49b2d2638
06e60764f2f683ef1562780a928735ca90bd7ff7b7376d2818c8445be9c29669
0f0c9a6824743e74e287574ef92dc872cbd02f44b9285f0564381b3d9b9173cf
12294a42b0a11aa0fe7c76e34f86f50ecd77286e3312825eb64927af2a295e24
13ec6ab90a1ae7a5146479e6adc42c3affc7b519319bf35925673166d807ff69
1c648c9a771983e2d5d1f66b9a696c62e91f69e05580341a24ff0424a80e386d
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0
3b26d0d8473c69eaa53018dec453dc43e3f114e200813dc042c8aa29e8d342af
3dfafdd876d82f0af3e9ca1a3603e69ec3814a81956426743f38f424af930f79
402d3633ea3d1c150e200c50c5012a673103dfca271db245de3e4c9053fe84b6
40e1473bf781226e68aff7be9b75a06d9c673ad6daf7a67b6d0e5ace95bbd148
473346e8f47351f1af3f2567ce084bc9ff2139381203d65dde32db20f8a021b7
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5e8a44681d4bcfdb497562096b7867a5ff388a55ee30b6aa62ad21584398309b
5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
7ce39385052151183a2627cd228b6dd1ef06e195a03de109034c6ed9bc8fa6f9
7ddd033477827cc6447dab40a2cf3c1581a17ed177f49582a5ee799644ec4ef3
7f128b087985bf2979e5b85f9e601f3bd1a016fcce801cab16186d833dbe8db4
800f633202ce8f9164b880fd6ed86fc0673a476462c0df7ada22f14b7acd7725
8596ae65de1978c406672bf51ba42dd95d1bf92e6ebd785aab7bb158bebed246
8a1163d424536284da4c8c1009992678363eb4911b8aaab6ed12231d2d438a6e
8fc5c770608838471666ef4d11c58cecf48404fa43d71b1e5837b482f7cf1dd9
97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37
9bbc353358d09e30d5c248e9e5d053c0f85af122e91655afd31ef5e19a8a13cf
9e3b66df4bbf9cbb275c91602a9c14c7ba2730b9d4d35a3d9715340767e0f8fd
a0a1f98fca203b8561519a06bacfdc50e4b3c4a5a71e740da5b0875bd4fc00d6
a67a9d4c707a47e69562dfad830c06842193eeea6520199e339077c0e0b51224
a9faa744390dc5268b11bae392eb153c776d54fbfb0398f183a11a60843066f7
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e
babd5969fb08a9b670e896e2c1743c15e05459ece642b4e9d324fbefaf230eb0
c057851cac948c6b65929d186571f0b4538875ee73efb6e7a7b509c2b04449ea
c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e
d1359acae8635f527eb4c980d060dfe9df6658e5b1a7a0f9adc0732cdfc5a81d
d15ccf1a35698caf5632616d47e1ce6f846690e1fb37b2378f4d3cb25b9380e2
d86e693bffef5f846b73688d72daadefec9584c0b10ed6549ad26b6b1297a721
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9635f474475fe0632d377b13440563175644f8c17fe4b56fa19c6937c2dde3b
eb73ed3f9cc729604c26b3932945af24bc1eef53595aacb062afa1425e18ef2b
ed54cf3945709a4a412ed70c224b7086bf664d709e0712e7073e9e22c175fdf4
eed9b3790b11ff0b6752e328ba8bbfc14b013e53c2dbaa37e4871a44b25aa359
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f62767b06e6cc559cbfbcd7ac0abe0e291bcf288c98d2cd5757b8bea0433041a
fa1e7a613ee91833c1f4fe3094bec8144fd87c9453dd56f413830555421ab7e2

cloud.google.com Open in urlscan Pro 2607:f8b0:400d:c02::65 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

68 Requests

69 %HTTPS

94 %IPv6

7 Domains

16 Subdomains

16 IPs

1 Countries

2714 kBTransfer

6997 kBSize

10 Cookies

43 Outgoing links

Page URL History

Redirected requests

68 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cloud.google.com Open in urlscan Pro
2607:f8b0:400d:c02::65 Public Scan

Screenshot
Live screenshot

Full Image

68
Requests

69 %
HTTPS

94 %
IPv6

7
Domains

16
Subdomains

16
IPs

1
Countries

2714 kB
Transfer

6997 kB
Size

10
Cookies

68 HTTP transactions
1 data transactions