cloud.google.com Open in urlscan Pro
2a00:1450:4001:811::200e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Effective URL:
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
Submission: On October 07 via api (October 7th 2024, 12:51:16 pm UTC) from IN — Scanned from DE

Summary HTTP 37 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 6 domains to perform 37 HTTP transactions. The main IP is 2a00:1450:4001:811::200e, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is cloud.google.com. The Cisco Umbrella rank of the primary domain is 15779.
TLS certificate: Issued by WR2 on September 16th 2024. Valid for: 3 months.

This is the only time cloud.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:300... 2606:4700:300b::a29f:f07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::201b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:402... 2a00:1450:4028:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
37	11

1 2606:4700:300b::a29f:f07d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mandiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

cloud.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4028:800::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

scone-pa.clients6.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com	587 KB
12	google.com 1 redirects cloud.google.com — Cisco Umbrella Rank: 15779 apis.google.com — Cisco Umbrella Rank: 123 scone-pa.clients6.google.com — Cisco Umbrella Rank: 2575	236 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	257 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30 storage.googleapis.com — Cisco Umbrella Rank: 356	332 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643
1	mandiant.com 1 redirects www.mandiant.com — Cisco Umbrella Rank: 619779	698 B
37	6

	Domain	Requested by
10	www.gstatic.com	cloud.google.com www.gstatic.com
6	fonts.gstatic.com	cloud.google.com fonts.googleapis.com
6	cloud.google.com	1 redirects www.gstatic.com
4	apis.google.com	www.gstatic.com apis.google.com scone-pa.clients6.google.com
3	www.googletagmanager.com	www.gstatic.com www.googletagmanager.com
2	region1.google-analytics.com	www.googletagmanager.com
2	scone-pa.clients6.google.com	apis.google.com
2	csi.gstatic.com	cloud.google.com
2	storage.googleapis.com	cloud.google.com
1	fonts.googleapis.com	cloud.google.com
1	www.mandiant.com	1 redirects
37	11

This site contains links to these domains. Also see Links.

Domain
policies.google.com
console.cloud.google.com
mapsplatform.google.com
workspace.google.com
x.com
www.linkedin.com
www.facebook.com
s1.ai
learn.microsoft.com
cabforum.org
pkic.org
www.virustotal.com
www.pkisolutions.com
tools.ietf.org
oid-info.com
www.rfc-editor.org
view.officeapps.live.com
users.umiacs.umd.edu
support.virustotal.com
www.gdatasoftware.com
www.bitdefender.com
signify.readthedocs.io
www.x.com
www.youtube.com
www.instagram.com
myaccount.google.com
support.google.com

Subject Issuer	Validity	Valid
*.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.gstatic.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
storage.googleapis.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.apis.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.googleapis.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
Frame ID: 404D3F2F436EDFC6A80E306A8D014DCB
Requests: 34 HTTP requests in this frame

Frame: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.YKp3mj261Wk.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg%2Fm%3D__features__
Frame ID: 1E51615F21A5BAFCBAF45B280F0E0917
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant | Google Cloud Blog

Page URL History Show full URLs

https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware HTTP 301
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/ HTTP 302
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

37
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

11
Subdomains

11
IPs

3
Countries

1412 kB
Transfer

5042 kB
Size

7
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/technologies/cookies?hl=en
Title: Learn more

Search URL Search Domain Scan URL

URL: https://console.cloud.google.com/freetrial/
Title: Get started for free

Search URL Search Domain Scan URL

URL: https://mapsplatform.google.com/resources/blog/
Title: Google Maps Platform

Search URL Search Domain Scan URL

URL: https://workspace.google.com/blog
Title: Google Workspace

Search URL Search Domain Scan URL

URL: https://x.com/intent/tweet?text=I%20Solemnly%20Swear%20My%20Driver%20Is%20Up%20to%20No%20Good:%20Hunting%20for%20Attestation%20Signed%20Malware%20@googlecloud&url=https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware&title=I%20Solemnly%20Swear%20My%20Driver%20Is%20Up%20to%20No%20Good:%20Hunting%20for%20Attestation%20Signed%20Malware

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?caption=I%20Solemnly%20Swear%20My%20Driver%20Is%20Up%20to%20No%20Good:%20Hunting%20for%20Attestation%20Signed%20Malware&u=https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware

Search URL Search Domain Scan URL

URL: https://s1.ai/signed-ms
Title: blog post by our colleagues at SentinelOne

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537361(v=vs.85)
Title: ensure integrity and authenticity of a given file

Search URL Search Domain Scan URL

URL: https://cabforum.org/
Title: CA/Browser Forum

Search URL Search Domain Scan URL

URL: https://cabforum.org/uploads/CA-Browser-Forum-BR-1.8.5.pdf
Title: guidelines

Search URL Search Domain Scan URL

URL: https://pkic.org/uploads/2016/12/CASC-Code-Signing.pdf
Title: source

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode
Title: Authenticode

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/design/compatibility/whcp-certification-process
Title: Windows Hardware Compatibility Program

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-attestation
Title: attestation signing

Search URL Search Domain Scan URL

URL: https://cabforum.org/uploads/EV-V1_5_2Libre.pdf
Title: Extended Validation (EV) certificate, which has enhanced identification requirements over other code-signing certificates and must use stronger encryption algorithms

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-reqs#windows-10-attestation-signed-drivers
Title: because the driver has not been tested in HLK Studio, there are no assurances made around compatibility, functionality, and so on.

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104/details
Title: POORTRY sample

Search URL Search Domain Scan URL

URL: https://www.pkisolutions.com/object-identifiers-oid-in-pki/
Title: object identifiers (OIDs)

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
Title: RFC 5280 Section 4.2.1.12

Search URL Search Domain Scan URL

URL: http://oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.10.3.5&action=display
Title: 1.3.6.1.4.1.311.10.3.5

Search URL Search Domain Scan URL

URL: http://oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.10.3.5.1&action=display
Title: 1.3.6.1.4.1.311.10.3.5.1

Search URL Search Domain Scan URL

URL: https://www.rfc-editor.org/rfc/rfc2315
Title: RFC 2315 for the PKCS #7 v1.5 specification

Search URL Search Domain Scan URL

URL: https://www.rfc-editor.org/rfc/rfc2315#section-9.2
Title: SignerInfo

Search URL Search Domain Scan URL

URL: https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F9%2Fc%2F5%2F9c5b2167-8017-4bae-9fde-d599bac8184a%2FAuthenticode_PE.docx&wdOrigin=BROWSELINK
Title: Authenticode signed PEs

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/search/signature%253A%25E5%25A4%25A7%25E8%25BF%259E%25E7%25BA%25B5%25E6%25A2%25A6%25E7%25BD%2591%25E7%25BB%259C%25E7%25A7%2591%25E6%258A%2580%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8/files
Title: high amount of malicious detections for samples associated with this Organization Name

Search URL Search Domain Scan URL

URL: http://users.umiacs.umd.edu/~tdumitra/signedmalware/ccs17/ccs17.html
Title: documented by the Certified Malware project at the University of Maryland in 2017

Search URL Search Domain Scan URL

URL: https://support.virustotal.com/hc/en-us/articles/360007088057-Writing-YARA-rules-for-Livehunt
Title: additional data available for access via LiveHunt rules

Search URL Search Domain Scan URL

URL: https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
Title: Microsoft signed a malicious Netfilter rootkit

Search URL Search Domain Scan URL

URL: https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Title: Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions

Search URL Search Domain Scan URL

URL: https://signify.readthedocs.io/
Title: Signify

Search URL Search Domain Scan URL

URL: https://signify.readthedocs.io/en/latest/pkcs7.html#signify.pkcs7.SignerInfo.signing_time
Title: Signature Date is an authenticated attribute, containing the timestamp of signing.

Search URL Search Domain Scan URL

URL: https://www.x.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.youtube.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/google-cloud

Search URL Search Domain Scan URL

URL: https://www.instagram.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/privacypolicy?hl=en
Title: Privacy

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/termsofservice?hl=en
Title: Terms

Search URL Search Domain Scan URL

URL: https://support.google.com/
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware HTTP 301
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/ HTTP 302
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/
Redirect Chain

https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/
https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

557 KB
82 KB

47ms
47ms

Document
text/html

2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

18813c910df42ae5082f78971a9220d34abc989dccb3c945cee16fa3f402823d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport script-src 'report-sample' 'nonce-JcaQAaW5juJ-X02sK5NHPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/ https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport script-src 'report-sample' 'nonce-JcaQAaW5juJ-X02sK5NHPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/ https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Mon, 07 Oct 2024 12:51:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/blog/_/TransformBlogUi/web-reports?context=eJzjStDikmII1pBiyHz6mIn90ROmUrGXTBJfXzJpAHGB7Cum3Z-msTqlz2ANAuLWm-dYpwJx0r_zrEVArOZ6gdVQ4RKrIxCr9lxiNQVi0QeXWLU5LrMWSVxhbQJiIR6OXZv6d7AJLFh0bgOzknZSfmF8ck5-aUqFbnlqkm5STn66bmlmcWpRWWpRvJGBkYmhgYGxnoFFfIEBAM0KOwc"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-type: application/binary
date: Mon, 07 Oct 2024 12:51:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 93ms
33ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

800f633202ce8f9164b880fd6ed86fc0673a476462c0df7ada22f14b7acd7725

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:51:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:07 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 07 Oct 2024 12:07:09 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 m=articleview,_b,_tp
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/ed=1/rs=AHrnUqV2q8cETFU-htdI4ZWMv_h6AUR_GQ/ 2 MB
184 KB 58ms
24ms Stylesheet
text/css 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/ed=1/rs=AHrnUqV2q8cETFU-htdI4ZWMv_h6AUR_GQ/m=articleview,_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d7d4999c66cfde038010477d192a9136d7ac57491cbe93beb2043ec95d4124f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 6231
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 11:07:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 11:07:16 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 188723
x-xss-protection: 0
server: sffe

GET
H3 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/am=gMGAWQ/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqWymlrC_44pTKixEq7h7p-BX... 192 KB
68 KB 122ms
89ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/am=gMGAWQ/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqWymlrC_44pTKixEq7h7p-BXV2sPA/m=_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1b674774ad414e3bfd5fb2ce5313c160660882ebcb7401d600fe59d8769d1a1

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 239835
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 18:13:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 18:13:52 GMT
last-modified: Fri, 04 Oct 2024 00:12:35 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 69297
x-xss-protection: 0
server: sffe

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ 33 KB
33 KB 231ms
47ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://cloud.google.com/

Response headers

age: 312267
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 03 Oct 2025 22:06:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 22:06:44 GMT
last-modified: Tue, 23 May 2023 16:35:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34108
x-xss-protection: 0
server: sffe

GET
H3 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 152ms
24ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 535464
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 08:06:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 01 Oct 2024 08:06:47 GMT
last-modified: Wed, 31 Jul 2024 20:32:02 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16396
x-xss-protection: 0
server: sffe

GET
H3 200 5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 184ms
56ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 243284
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 17:16:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 17:16:27 GMT
last-modified: Wed, 31 Jul 2024 20:31:46 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15996
x-xss-protection: 0
server: sffe

GET
H3 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 167ms
39ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06e60764f2f683ef1562780a928735ca90bd7ff7b7376d2818c8445be9c29669

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 223638
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 22:43:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 22:43:53 GMT
last-modified: Wed, 31 Jul 2024 20:32:37 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15988
x-xss-protection: 0
server: sffe

GET
H3 200 5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 187ms
59ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f0c9a6824743e74e287574ef92dc872cbd02f44b9285f0564381b3d9b9173cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 257518
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 13:19:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 13:19:13 GMT
last-modified: Wed, 31 Jul 2024 20:32:00 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16716
x-xss-protection: 0
server: sffe

GET
H3 200 pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
fonts.gstatic.com/s/productsans/v9/ 31 KB
31 KB 159ms
32ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://cloud.google.com/

Response headers

age: 218784
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 05 Oct 2025 00:04:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 05 Oct 2024 00:04:47 GMT
last-modified: Mon, 15 Aug 2016 20:30:17 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31568
x-xss-protection: 0
server: sffe

GET
H2 200 fig1-code-signing-overview_wjje.max-800x800.png
storage.googleapis.com/gweb-cloudblog-publish/images/ 88 KB
88 KB 402ms
269ms Image
image/png 2a00:1450:4001:831::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/gweb-cloudblog-publish/images/fig1-code-signing-overview_wjje.max-800x800.png
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1cb62317ae83bba076945dcefb0af0bb027a632cd0a79c27b1a7dad3696cb134

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=uHWP6g==, md5=pGROQAnSkGobBADtiDODtw==
etag: "a4644e4009d2906a1b0400ed883383b7"
x-goog-stored-content-encoding: identity
expires: Mon, 07 Oct 2024 13:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 90094
date: Mon, 07 Oct 2024 12:51:11 GMT
last-modified: Mon, 12 Feb 2024 14:50:55 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY1Y285rkyrJti3ojsj42m2TVgmZMno1fsih0TL16rdjtUTkBAHDZLJ_hnPdrWsOUr_um2I
cache-control: public, max-age=3600
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1707749455244202
content-length: 90094
server: UploadServer

GET
H2 200 fig2-windows-hardware-compatibility_qhti.max-1300x1300.png
storage.googleapis.com/gweb-cloudblog-publish/images/ 242 KB
243 KB 321ms
188ms Image
image/png 2a00:1450:4001:831::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/gweb-cloudblog-publish/images/fig2-windows-hardware-compatibility_qhti.max-1300x1300.png
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 5bc9e402a58de4097db6b1ff6405494b7fe5c9dd34af51bd31280d76663718ef

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=98m5iQ==, md5=2bl1hUtIu/LH2JSp4AvHCA==
etag: "d9b975854b48bbf2c7d894a9e00bc708"
x-goog-stored-content-encoding: identity
expires: Mon, 07 Oct 2024 13:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 247759
date: Mon, 07 Oct 2024 12:51:11 GMT
last-modified: Mon, 12 Feb 2024 14:50:57 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY3uzaL7wWkOqeby1s3_2HJUD20WGzLnPSK4ip3QvaJ5UuzfhpUClSkRDEu97AbBZJihCNM
cache-control: public, max-age=3600
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1707749457729085
content-length: 247759
server: UploadServer

GET
DATA 200
OK truncated
/ 140 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,... Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=_b,_tp/excm=_b,... 497 KB
154 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqXi_9XoJ8cTJkHrfl3KfaXYef1xCA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,ebZ3mb,Z5uLle,BBI74,ZDZcre,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/am=gMGAWQ/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqWymlrC_44pTKixEq7h7p-BXV2sPA/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd6f4da6ea8c74276993bc538ebc7e657911240e91a23fa2a8b4d9cd8a1b05b8

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 239647
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 18:17:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 18:17:04 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 158031
x-xss-protection: 0
server: sffe

GET
H3 200 m=NsSboe Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BB... 10 KB
3 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqXi_9XoJ8cTJkHrfl3KfaXYef1xCA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=NsSboe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ef07139795518a693fa624dc6aadd832c2cbb134e262246e07ee8ab28510682

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 239647
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 18:17:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 18:17:04 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2934
x-xss-protection: 0
server: sffe

GET
H3 200 lazy.min.js Show response
www.gstatic.com/feedback/js/help/prod/service/ 120 KB
39 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqXi_9XoJ8cTJkHrfl3KfaXYef1xCA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,ebZ3mb,Z5uLle,BBI74,ZDZcre,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1645c6965b96ee7ac8a1a1e1cd499855cc599c7240408e8dce9d769b90ce1523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 1292
report-to: {"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 13:19:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:29:39 GMT
last-modified: Thu, 03 Oct 2024 17:14:00 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=3000
cross-origin-opener-policy: same-origin-allow-popups; report-to="product-feedback-gathering"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
accept-ranges: bytes
content-length: 39555
x-xss-protection: 0
server: sffe

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BB... 22 KB
7 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqXi_9XoJ8cTJkHrfl3KfaXYef1xCA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e014721f0e0478bcffa275900ac9ffe37eec50d36cae41f549cb7da1e6603816

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 239645
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 18:17:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 18:17:06 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 7516
x-xss-protection: 0
server: sffe

GET
H3 200 m=P6sQOc Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BB... 1 KB
784 B 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqXi_9XoJ8cTJkHrfl3KfaXYef1xCA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce8dcdd59e059d364cc0c2fb07064deb57e6be76b53410ee5fa742c72b812ce5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 239645
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 18:17:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 18:17:06 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 758
x-xss-protection: 0
server: sffe

GET
H3 200 2a.json Show response
www.gstatic.com/glue/cookienotificationbar/config/ 559 B
241 B 57ms
29ms Fetch
application/json 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/glue/cookienotificationbar/config/2a.json?hl=en

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

548c0c92bb7a2a4a4d59b283c4179b176912575a3dd2dce1dcbba5c5835ffe2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"uxe-owners-acl/gstatic","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/gstatic"}]}
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:11 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 25 Jul 2024 10:08:00 GMT
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/gstatic
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="uxe-owners-acl/gstatic"
content-length: 215
x-xss-protection: 0
server: sffe

GET
H3 200 pingz Show response
cloud.google.com/__/ 136 B
175 B 185ms
185ms Fetch
application/json 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/__/pingz?hl=en&platform=boq&page=%2Fblog%2Ftopics%2Fthreat-intelligence%2Fhunting-attestation-signed-malware%2F&ifgr=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba5d9b7661e9ca25b0cc538a727e860c3a7be9452dfaa2ad6e918f493d15b557

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:11 GMT
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 client.js Show response
apis.google.com/js/ 14 KB
6 KB 82ms
28ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c399256773cdd1bb2f7399c8944fcca334a49228574fbf859087af799e929b6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
etag: "b09c0d91911e187e"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:11 GMT
content-type: text/javascript
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="gapi-team"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5822
x-xss-protection: 0
server: sffe

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 198 KB
70 KB 81ms
36ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

741b39e3c65a3cf9be705834afaa6eb780284185d78441b01af87e7b44407857

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 07 Oct 2024 12:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 70819
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.YKp3mj261Wk.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg/ 322 KB
110 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.YKp3mj261Wk.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0ce708a3aa80e16ee501be41e595811ee4bad5147da34a321f579c1ae4d84be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 172394
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
x-content-type-options: nosniff
expires: Sun, 05 Oct 2025 12:57:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 05 Oct 2024 12:57:57 GMT
last-modified: Fri, 06 Sep 2024 22:15:37 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
accept-ranges: bytes
access-control-allow-origin: *
content-length: 112607
x-xss-protection: 0
server: sffe

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 323 KB
95 KB 48ms
43ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4cf2153cbf2f65a7854cb7ada45a06964212eb4a11abdf300e2e7bf3b403fa00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 07 Oct 2024 12:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96987
x-xss-protection: 0
server: Google Tag Manager

GET
H2 204 csi
csi.gstatic.com/ 0
57 B 395ms
134ms Image
image/gif 2a00:1450:4028:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csi.gstatic.com/csi?v=3&s=gapi_global&action=global&it=blt.0&srt=298&tbsrt=5140&tran=15&p=s&npn=1&npnv=h2&e=abc_l0,abc_m0,abc_u0&rt=
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4028:800::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:12 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
server: Golfe2

GET
H2 204 csi
csi.gstatic.com/ 0
532 B 392ms
131ms Image
image/gif 2a00:1450:4028:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csi.gstatic.com/csi?v=3&s=gapi_module&action=client&it=mli.79,mei.11&tran=15&p=s&npn=1&npnv=h2&e=abc_l0,abc_m0,abc_pclient,abc_u0&rt=
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/hunting-attestation-signed-malware/?hl=en
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4028:800::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:12 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
server: Golfe2

GET
H2 200 proxy.html Show response
scone-pa.clients6.google.com/static/ Frame 1E51 432 B
865 B 150ms
69ms Document
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.YKp3mj261Wk.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.YKp3mj261Wk.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

3ba1067cd5a3267e9e88fc1a4cc67bcb0b9d1d6af7ce41f0c472929573fac421

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-RicYnxDAbCHbw78TYKyn8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 288
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-RicYnxDAbCHbw78TYKyn8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp; report-to="gapi"
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 12:51:11 GMT
report-to: {"group":"gapi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi"}]}
server: scaffolding on HTTPServer2
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
92 KB 42ms
41ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

98596e587bba753583b31c47ee3df464565914a459545bdec0ac0fbad40977e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 12:51:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94352
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 104ms
33ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4a20v873759632z8897536842za200zb897536842&_p=1728305471608&gcs=G101&gcd=13q3rPl2l5l1&npa=1&dma_cps=-&dma=1&tag_exp=101533421~101671035~101747727&cid=1690594989.1728305472&ul=de-de&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fhunting-attestation-signed-malware%2F&sid=1728305471&sct=1&seg=0&dt=I%20Solemnly%20Swear%20My%20Driver%20Is%20Up%20to%20No%20Good%3A%20Hunting%20for%20Attestation%20Signed%20Malware%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=active_experiments&_fv=1&_nsi=1&_ss=1&ep.is_queued=false&epn.event_number=0&epn.queue_batch_number=0&epn.queue_batch_hit_number=0&ep.country=DE&ep.page_hl_parameter=en&ep.utmz=utmcsr%3D(direct)%7Cutmcmd%3D(none)%7Cutmccn%3D(direct)&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&ep.non_interaction=true&ep.active_experiments=97656897%2C1706538%2C97535270%2C97442197%2C97684533%2C48897392%2C48554503%2C48830069%2C93778619%2C93874002%2C48887080%2C97706005%2C97785986%2C97517170%2C1714259%2C48489833%2C97716267%2C97656881%2C97442181%2C97684517%2C93873986%2C48887064%2C97785970%2C97517154&ep.has_cj_refparam=false&ep.is_eea=true&tfd=5333
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cloud.google.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:12 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 103ms
32ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4a20v873759632z8897536842za200zb897536842&_p=1728305471608&gcs=G101&gcd=13q3rPl2l5l1&npa=1&dma_cps=-&dma=1&tag_exp=101533421~101671035~101747727&cid=1690594989.1728305472&ul=de-de&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=2&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fhunting-attestation-signed-malware%2F&sid=1728305471&sct=1&seg=1&dt=I%20Solemnly%20Swear%20My%20Driver%20Is%20Up%20to%20No%20Good%3A%20Hunting%20for%20Attestation%20Signed%20Malware%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=page_view&_c=1&ep.is_queued=false&epn.event_number=1&epn.queue_batch_number=1&epn.queue_batch_hit_number=0&ep.country=DE&ep.page_hl_parameter=en&ep.utmz=utmcsr%3D(direct)%7Cutmcmd%3D(none)%7Cutmccn%3D(direct)&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&epn.page_client_height=35504&epn.page_client_width=1600&ep.page_first_published=2024-03-25%2022%3A03%3A00&ep.page_hosting_platform=blog_boq&ep.page_last_published=2022-12-13%2009%3A12%3A00&ep.page_post_author=mandiant%20&ep.page_post_author_role=&ep.page_post_labels=threat%20intelligence&ep.page_post_title=i%20solemnly%20swear%20my%20driver%20is%20up%20to%20no%20good%3A%20hunting%20for%20attestation%20signed%20malware%20%7C%20mandiant&ep.page_original_url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fhunting-attestation-signed-malware%2F&ep.non_interaction=false&ep.has_cj_refparam=false&ep.is_eea=true&_et=1&tfd=5335
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cloud.google.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:12 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 googleapis.proxy.js Show response
apis.google.com/js/ Frame 1E51 14 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/googleapis.proxy.js?onload=startup

Requested by

Host: scone-pa.clients6.google.com
URL: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.YKp3mj261Wk.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e2aaa317b3831d20287bce66f080561bac3abcf464da067e10699d861ed9046

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://scone-pa.clients6.google.com/

Response headers

content-encoding: gzip
etag: "31bdc73328b24d97"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:51:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:12 GMT
content-type: text/javascript
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="gapi-team"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5823
x-xss-protection: 0
server: sffe

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.YKp3mj261Wk.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg/ Frame 1E51 80 KB
28 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.YKp3mj261Wk.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f8ca80fbc9ffde7dc4631ae10547c3ba11cc20e52f3690a5ca45771996ab175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://scone-pa.clients6.google.com/

Response headers

content-encoding: gzip
age: 266455
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 10:50:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 10:50:17 GMT
last-modified: Fri, 06 Sep 2024 22:15:37 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28879
x-xss-protection: 0
server: sffe

POST
H2 200 trigger_anonymous Show response
scone-pa.clients6.google.com/v1/survey/trigger/ Frame 1E51 2 KB
1 KB 215ms
213ms XHR
application/json+protobuf 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.YKp3mj261Wk.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

91fad54909741c7fbc75565556c4d7b6df9e225d6c8b2aafc9dadb875e19dc1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.YKp3mj261Wk.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo98YC-mr6Aiq_LYFpsHrtJkr6Dxqg%2Fm%3D__features__
X-Referer: https://cloud.google.com
X-Goog-Encode-Response-If-Executable: base64
X-ClientDetails: appVersion=5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36&platform=Linux%20x86_64&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Goog-Api-Key: AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg
X-Origin: https://cloud.google.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json+protobuf

Response headers

strict-transport-security: max-age=10886400; includeSubdomains
cache-control: private
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1011
date: Mon, 07 Oct 2024 12:51:12 GMT
x-xss-protection: 0
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BB... 3 KB
2 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en.MAipikvT0zM.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P6sQOc,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqXi_9XoJ8cTJkHrfl3KfaXYef1xCA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18623c9742fdab2c329f93e9293dac1bf72e5fb93b42ddbe4303b687a427e30c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 6234
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 11:07:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 11:07:18 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 1578
x-xss-protection: 0
server: sffe

GET
H3 200 favicon.ico
www.gstatic.com/cloud/images/icons/ 5 KB
1 KB 20ms
20ms Other
image/x-icon 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cloud/images/icons/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
age: 208862
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Sun, 05 Oct 2025 02:50:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 05 Oct 2024 02:50:10 GMT
last-modified: Tue, 27 Jun 2023 04:48:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 1046
x-xss-protection: 0
server: sffe

POST
H3 200 log Show response
cloud.google.com/ 131 B
155 B 75ms
74ms Fetch
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
X-Goog-AuthUser: 0

Response headers

x-frame-options: SAMEORIGIN
cache-control: private
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 07 Oct 2024 12:51:14 GMT
access-control-allow-origin: https://cloud.google.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 131
date: Mon, 07 Oct 2024 12:51:14 GMT
x-xss-protection: 0
content-type: text/plain; charset=UTF-8
server: Playlog
access-control-allow-headers: X-Playlog-Web

POST
H3 200 log Show response
cloud.google.com/ 131 B
155 B 83ms
82ms Fetch
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
X-Goog-AuthUser: 0

Response headers

x-frame-options: SAMEORIGIN
cache-control: private
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Mon, 07 Oct 2024 12:51:14 GMT
access-control-allow-origin: https://cloud.google.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 131
date: Mon, 07 Oct 2024 12:51:14 GMT
x-xss-protection: 0
content-type: text/plain; charset=UTF-8
server: Playlog
access-control-allow-headers: X-Playlog-Web

POST
H3 200 browserinfo Show response
cloud.google.com/blog/_/TransformBlogUi/ 91 B
133 B 56ms
54ms XHR
application/json 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/_/TransformBlogUi/browserinfo?f.sid=-5876638119430213596&bl=boq_cloudx-web-blog-uiserver_20241003.08_p0&hl=en&soc-app=1&soc-platform=1&soc-device=1&_reqid=53475&rt=j

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7533479c36d52399381bfc932e1c83efcaeb149e3b56cce2edeec36d7479b83d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Same-Domain: 1

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:51:14 GMT
content-type: application/json; charset=utf-8
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: same-site
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mandiant.com/	1970-01-21 00:05:07	Name: __cf_bm Value: bkH2qxQATSkBM28J65qMfID30KMwFWvNBuE0ys2ZwBI-1728305466-1.0.1.1-GtVIWFHuFvapDcejudx9Kyu012olLfdQCzKmtqtMmKThjBGt0JzH60snC2B8X_3Ok8H_kEj5sSADjvhHXytyag
.mandiant.com/	1969-12-31 23:59:59	Name: _cfuvid Value: sPRrwuzpAIb63s6FQvzqLWEW4oud43MZJyH2X4kabZg-1728305466730-0.0.1.1-604800000
.cloud.google.com/	1970-01-21 04:24:17	Name: __utmz Value: utmcsr=(direct)\|utmcmd=(none)\|utmccn=(direct)
.cloud.google.com/	1970-01-21 09:41:05	Name: _ga Value: GA1.1.1690594989.1728305472
.cloud.google.com/	1970-01-21 09:41:05	Name: _ga_WH2QY8WWF5 Value: GS1.1.1728305471.1.1.1728305471.0.0.0
cloud.google.com/	1970-01-21 00:48:17	Name: OTZ Value: 7766691_48_52_123900_48_436380
.google.com/	1970-01-21 04:28:36	Name: NID Value: 518=1pEG-t5U2gz0SY52gjYYmpjwTZrwS6VldynLBc4i-gQiLxSsiL4cK5kA4086OyEKxLW1d-oLujhmkeu27RY9PQPdyvJbU-sjPXexn9tiahIaL2b65hafmV_0vtHXbUt224q7FKghYMELneAgYEEUB9T0CnlzsaIRUUNL50giZcWpPtLWqxn3zKYn

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport script-src 'report-sample' 'nonce-JcaQAaW5juJ-X02sK5NHPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/ https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apis.google.com
cloud.google.com
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
scone-pa.clients6.google.com
storage.googleapis.com
www.googletagmanager.com
www.gstatic.com
www.mandiant.com
2001:4860:4802:32::36
2606:4700:300b::a29f:f07d
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2003
2a00:1450:4001:810::200e
2a00:1450:4001:811::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:831::201b
2a00:1450:4028:800::2003
06e60764f2f683ef1562780a928735ca90bd7ff7b7376d2818c8445be9c29669
0f0c9a6824743e74e287574ef92dc872cbd02f44b9285f0564381b3d9b9173cf
1645c6965b96ee7ac8a1a1e1cd499855cc599c7240408e8dce9d769b90ce1523
18623c9742fdab2c329f93e9293dac1bf72e5fb93b42ddbe4303b687a427e30c
18813c910df42ae5082f78971a9220d34abc989dccb3c945cee16fa3f402823d
1cb62317ae83bba076945dcefb0af0bb027a632cd0a79c27b1a7dad3696cb134
1ef07139795518a693fa624dc6aadd832c2cbb134e262246e07ee8ab28510682
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0
2e2aaa317b3831d20287bce66f080561bac3abcf464da067e10699d861ed9046
3ba1067cd5a3267e9e88fc1a4cc67bcb0b9d1d6af7ce41f0c472929573fac421
3f8ca80fbc9ffde7dc4631ae10547c3ba11cc20e52f3690a5ca45771996ab175
4cf2153cbf2f65a7854cb7ada45a06964212eb4a11abdf300e2e7bf3b403fa00
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
548c0c92bb7a2a4a4d59b283c4179b176912575a3dd2dce1dcbba5c5835ffe2e
5bc9e402a58de4097db6b1ff6405494b7fe5c9dd34af51bd31280d76663718ef
5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
741b39e3c65a3cf9be705834afaa6eb780284185d78441b01af87e7b44407857
7533479c36d52399381bfc932e1c83efcaeb149e3b56cce2edeec36d7479b83d
7d7d4999c66cfde038010477d192a9136d7ac57491cbe93beb2043ec95d4124f
800f633202ce8f9164b880fd6ed86fc0673a476462c0df7ada22f14b7acd7725
91fad54909741c7fbc75565556c4d7b6df9e225d6c8b2aafc9dadb875e19dc1d
97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37
98596e587bba753583b31c47ee3df464565914a459545bdec0ac0fbad40977e3
9c399256773cdd1bb2f7399c8944fcca334a49228574fbf859087af799e929b6
b0ce708a3aa80e16ee501be41e595811ee4bad5147da34a321f579c1ae4d84be
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e
ba5d9b7661e9ca25b0cc538a727e860c3a7be9452dfaa2ad6e918f493d15b557
c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e
ce8dcdd59e059d364cc0c2fb07064deb57e6be76b53410ee5fa742c72b812ce5
dd6f4da6ea8c74276993bc538ebc7e657911240e91a23fa2a8b4d9cd8a1b05b8
e014721f0e0478bcffa275900ac9ffe37eec50d36cae41f549cb7da1e6603816
e1b674774ad414e3bfd5fb2ce5313c160660882ebcb7401d600fe59d8769d1a1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

cloud.google.com Open in urlscan Pro 2a00:1450:4001:811::200e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

100 %HTTPS

100 %IPv6

6 Domains

11 Subdomains

11 IPs

3 Countries

1412 kBTransfer

5042 kBSize

7 Cookies

40 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cloud.google.com Open in urlscan Pro
2a00:1450:4001:811::200e Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

11
Subdomains

11
IPs

3
Countries

1412 kB
Transfer

5042 kB
Size

7
Cookies

37 HTTP transactions
1 data transactions