cloud.google.com Open in urlscan Pro
2607:f8b0:4006:821::200e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.mandiant.com/resources/evolution-of-fin7
Effective URL:
https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/
Submission: On October 08 via api (October 8th 2024, 3:15:22 am UTC) from BY — Scanned from US

Summary HTTP 84 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 20 IPs in 1 countries across 7 domains to perform 84 HTTP transactions. The main IP is 2607:f8b0:4006:821::200e, located in United States and belongs to GOOGLE, US. The main domain is cloud.google.com. The Cisco Umbrella rank of the primary domain is 15779.
TLS certificate: Issued by WR2 on September 16th 2024. Valid for: 3 months.

This is the only time cloud.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:300... 2606:4700:300b::a29f:f17d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:821::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::200a	15169 (GOOGLE) (GOOGLE)
10	142.251.40.227 142.251.40.227	15169 (GOOGLE) (GOOGLE)
6	142.250.80.35 142.250.80.35	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80e::201b	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81d::200e	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:80a::2008	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:821::200a	15169 (GOOGLE) (GOOGLE)
1 4	142.250.64.68 142.250.64.68	15169 (GOOGLE) (GOOGLE)
4	142.251.32.98 142.251.32.98	15169 (GOOGLE) (GOOGLE)
7	142.250.80.8 142.250.80.8	15169 (GOOGLE) (GOOGLE)
2	142.251.32.110 142.251.32.110	15169 (GOOGLE) (GOOGLE)
14	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
20 21	142.250.65.198 142.250.65.198	15169 (GOOGLE) (GOOGLE)
10	142.251.40.194 142.251.40.194	15169 (GOOGLE) (GOOGLE)
1 2	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1f::9c	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
3	142.250.64.110 142.250.64.110	15169 (GOOGLE) (GOOGLE)
84	20

2 2606:4700:300b::a29f:f17d (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.mandiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::200e (United States)

ASN15169 (GOOGLE, US)

cloud.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.251.40.227 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.80.35 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80e::201b (United States)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81d::200e (United States)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80a::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::200a (United States)

ASN15169 (GOOGLE, US)

scone-pa.clients6.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.64.68 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.32.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.80.8 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.32.110 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f14.1e100.net

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2607:f8b0:4006:80f::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.250.65.198 (Plainview, United States) 20 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.251.40.194 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::181 (United States) 1 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1f::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.64.110 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f14.1e100.net

cloud.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	doubleclick.net 20 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 td.doubleclick.net — Cisco Umbrella Rank: 192 ad.doubleclick.net — Cisco Umbrella Rank: 150 stats.g.doubleclick.net — Cisco Umbrella Rank: 136	8 KB
27	google.com 2 redirects cloud.google.com — Cisco Umbrella Rank: 15779 apis.google.com — Cisco Umbrella Rank: 123 scone-pa.clients6.google.com — Cisco Umbrella Rank: 2575 www.google.com — Cisco Umbrella Rank: 3 adservice.google.com — Cisco Umbrella Rank: 357 analytics.google.com — Cisco Umbrella Rank: 147	224 KB
16	gstatic.com www.gstatic.com fonts.gstatic.com	587 KB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	786 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30 storage.googleapis.com — Cisco Umbrella Rank: 356	458 KB
2	mandiant.com 2 redirects www.mandiant.com — Cisco Umbrella Rank: 619779	2 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34
84	7

	Domain	Requested by
21	ad.doubleclick.net	20 redirects cloud.google.com
14	td.doubleclick.net	www.googletagmanager.com
10	adservice.google.com	cloud.google.com
10	www.googletagmanager.com	www.gstatic.com www.googletagmanager.com
10	www.gstatic.com	cloud.google.com www.gstatic.com
6	fonts.gstatic.com	cloud.google.com fonts.googleapis.com
5	cloud.google.com	www.gstatic.com
4	googleads.g.doubleclick.net	cloud.google.com www.googletagmanager.com
4	www.google.com	1 redirects cloud.google.com
4	apis.google.com	www.gstatic.com apis.google.com scone-pa.clients6.google.com
2	analytics.google.com	1 redirects www.googletagmanager.com
2	scone-pa.clients6.google.com	apis.google.com
2	www.mandiant.com	2 redirects
1	www.google-analytics.com	cloud.google.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	storage.googleapis.com	cloud.google.com
1	fonts.googleapis.com	cloud.google.com
84	17

This site contains links to these domains. Also see Links.

Domain
console.cloud.google.com
mapsplatform.google.com
workspace.google.com
x.com
www.linkedin.com
www.facebook.com
github.com
bi-zone.medium.com
docs.microsoft.com
excel-dna.net
www.justice.gov
www.x.com
www.youtube.com
www.instagram.com
myaccount.google.com
support.google.com

Subject Issuer	Validity	Valid
*.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.gstatic.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
storage.googleapis.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.apis.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.googleapis.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/
Frame ID: B153F2216EDE355F3A2FC842257CFA55
Requests: 67 HTTP requests in this frame

Frame: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.3visMJpiQIc.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo99Jaq3x9bYTscBipFXsayIS-abwA%2Fm%3D__features__
Frame ID: 642EBB786919931042709D0250E6D69C
Requests: 4 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: D87F2004182B8866BC2195CF70BD2494
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: BE2E97692B0A22564EE1267039038686
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: AD738DBFE2A7DCF69970E658340319A8
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: 96D1F101398F2EA707C683E05C289AAA
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: F736E538129EDF8E111272E7DB431CCF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: 5E24653941E3F3E5F24D5DB10FB042DF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: 3CD4CA2819FE38C0DF01A121EE9217F5
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: E8DA750E4B91EF3DDF127157D2203D01
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: B8B29550AA58BAB1D5AB9BEA260EB896
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/16541431319?random=1728357317464&cv=11&fst=1728357317464&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533422~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: B5BF38DEB2C64E6F0834172264479A5C
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11082232239?random=1728357317526&cv=11&fst=1728357317526&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 35308667885B9865B106889C766E8418
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-WH2QY8WWF5&gacid=518537203.1728357318&gtm=45je4a20v873759632z8897536842za200zb897536842&dma=0&gcs=G111&gcd=13r3r3l3l5l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101747727&z=1208733119
Frame ID: 45A84595571B39BAA41826AADACCD15C
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10836211492?random=1728357317668&cv=11&fst=1728357317668&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101529665~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: BF619F95A2525A4224C098963B7B5086
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
Frame ID: 7A273E663B49C2614A0D14FDE00A30EC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 | Mandiant | Google Cloud Blog

Page URL History Show full URLs

https://www.mandiant.com/resources/evolution-of-fin7 HTTP 301
https://www.mandiant.com/resources/blog/evolution-of-fin7 HTTP 301
https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

84
Requests

74 %
HTTPS

55 %
IPv6

7
Domains

17
Subdomains

20
IPs

1
Countries

2061 kB
Transfer

6518 kB
Size

11
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://console.cloud.google.com/freetrial/
Title: Get started for free

Search URL Search Domain Scan URL

URL: https://mapsplatform.google.com/resources/blog/
Title: Google Maps Platform

Search URL Search Domain Scan URL

URL: https://workspace.google.com/blog
Title: Google Workspace

Search URL Search Domain Scan URL

URL: https://x.com/intent/tweet?text=FIN7%20Power%20Hour:%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20@googlecloud&url=https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7&title=FIN7%20Power%20Hour:%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?caption=FIN7%20Power%20Hour:%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7&u=https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7

Search URL Search Domain Scan URL

URL: https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-Shellcode.ps1
Title: PowerSploit

Search URL Search Domain Scan URL

URL: https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
Title: Lizar

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/api/amsi/nf-amsi-amsiscanbuffer
Title: amsi.dll!AmsiScanBuffer

Search URL Search Domain Scan URL

URL: https://github.com/monoxgas/sRDI
Title: publicly available

Search URL Search Domain Scan URL

URL: https://excel-dna.net/
Title: Excel-DNA

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/three-members-notorious-international-cybercrime-group-fin7-custody-role-attacking-over-100
Title: 2018

Search URL Search Domain Scan URL

URL: https://www.justice.gov/usao-wdwa/pr/high-level-organizer-notorious-hacking-group-fin7-sentenced-ten-years-prison-scheme
Title: 2021

Search URL Search Domain Scan URL

URL: https://www.x.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.youtube.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/google-cloud

Search URL Search Domain Scan URL

URL: https://www.instagram.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/privacypolicy?hl=en-US
Title: Privacy

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/termsofservice?hl=en-US
Title: Terms

Search URL Search Domain Scan URL

URL: https://support.google.com/
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.mandiant.com/resources/evolution-of-fin7 HTTP 301
https://www.mandiant.com/resources/blog/evolution-of-fin7 HTTP 301
https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5l1&tag_exp=101671035~101747727&rnd=1340865705.1728357317&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&dma=0&npa=0&gtm=45He4a20n91NS2VGJGHv9175119176za200zb6343254&auid=1812097756.1728357317 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5l1&tag_exp=101671035~101747727&rnd=1340865705.1728357317&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&dma=0&npa=0&gtm=45He4a20n91NS2VGJGHv9175119176za200zb6343254&auid=1812097756.1728357317

Request Chain 34

https://ad.doubleclick.net/activity;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=*;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 44

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=*;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 46

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=*;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 48

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=*;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 50

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=*;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 52

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=*;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 54

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=*;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 56

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=*;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 58

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=*;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Request Chain 67

https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4a20v873759632z8897536842za200zb897536842&_p=1728357315468&gcs=G111&gcd=13r3r3l3l5l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&cid=518537203.1728357318&ul=en-us&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=2&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&sid=1728357317&sct=1&seg=1&dt=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=page_view&_c=1&ep.is_queued=false&epn.event_number=1&epn.queue_batch_number=1&epn.queue_batch_hit_number=0&ep.country=US&ep.utmz=utmcsr%3D(direct)%7Cutmcmd%3D(none)%7Cutmccn%3D(direct)&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&epn.page_client_height=32595&epn.page_client_width=1600&ep.page_first_published=2024-03-25%2014%3A03%3A00&ep.page_hosting_platform=blog_boq&ep.page_last_published=2022-04-04%2000%3A04%3A00&ep.page_post_author=mandiant%20&ep.page_post_author_role=&ep.page_post_labels=threat%20intelligence&ep.page_post_title=fin7%20power%20hour%3A%20adversary%20archaeology%20and%20the%20evolution%20of%20fin7%20%7C%20mandiant&ep.page_original_url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&ep.non_interaction=false&ep.has_cj_refparam=false&ep.is_eea=false&_et=32&tfd=7171 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=518537203.1728357318&dbk=14200833811984881439&dma=0&en=page_view&gcs=G111&gtm=45je4a20v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F

Request Chain 79

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=*;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

84 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/
Redirect Chain

https://www.mandiant.com/resources/evolution-of-fin7
https://www.mandiant.com/resources/blog/evolution-of-fin7
https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

340 KB
70 KB

498ms
209ms

Document
text/html

2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e8141776902d110d6f9ba4e8fe8fd27b6ec1f0cab96e1c491be1e09dc899350b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G8O3bjoY7Ieq55_ylQ2lIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/ https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-G8O3bjoY7Ieq55_ylQ2lIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/ https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Tue, 08 Oct 2024 03:15:11 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/blog/_/TransformBlogUi/web-reports?context=eJzjStDikmLw1JBiSHr6mInl0ROmUrGXTBJfXzJpAXGB7Cum3Z-msTqlz2ANAeLWm-dYpwNx0r_zrCVArOZ6gdVQ4RKrMxCr9lxiNQdikQeXWLU5LrMWSVxhbQFiIR6O_ccn7WAT-PFt-WQmJe2k_ML45Jz80pQK3fLUJN2knPx03dLM4tSistSieCMDIxNDAwMzPQOL-AIDAOE-O4c"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

Redirect headers

cache-control: max-age=3600
cf-ray: 8cf2f70a2a5dcb9b-LAX
content-length: 167
content-type: text/html
date: Tue, 08 Oct 2024 03:15:11 GMT
expires: Tue, 08 Oct 2024 04:15:11 GMT
location: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/
server: cloudflare
vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 429ms
154ms Stylesheet
text/css 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

800f633202ce8f9164b880fd6ed86fc0673a476462c0df7ada22f14b7acd7725

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 03:15:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:12 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 08 Oct 2024 03:15:12 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 m=articleview,_b,_tp
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/ed=1/rs=AHrnUqV2q8cETFU-htdI4ZWMv_h6AUR_GQ/ 2 MB
184 KB 351ms
132ms Stylesheet
text/css 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/ed=1/rs=AHrnUqV2q8cETFU-htdI4ZWMv_h6AUR_GQ/m=articleview,_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

7d7d4999c66cfde038010477d192a9136d7ac57491cbe93beb2043ec95d4124f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 5656
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 01:40:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 01:40:55 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 188723
x-xss-protection: 0
server: sffe

GET
H3 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/am=gMGAWQ/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqVNEek0U_NXnY_h7Fkt6d... 193 KB
68 KB 510ms
509ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/am=gMGAWQ/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqVNEek0U_NXnY_h7Fkt6dB9hRnbGQ/m=_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

c9baa1d6cfdf41b6970c1c00911f070a2108aebbc26d1bc502fba1d0d230653d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 35876
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 17:17:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:17:15 GMT
last-modified: Sat, 05 Oct 2024 02:12:47 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 69361
x-xss-protection: 0
server: sffe

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ 33 KB
33 KB 374ms
232ms Font
font/woff2 142.250.80.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.35 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://cloud.google.com/

Response headers

age: 482047
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 02 Oct 2025 13:21:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 02 Oct 2024 13:21:07 GMT
last-modified: Tue, 23 May 2023 16:35:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34108
x-xss-protection: 0
server: sffe

GET
H3 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 246ms
136ms Font
font/woff2 142.250.80.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.35 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f3.1e100.net

Software

sffe /

Resource Hash

ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 485461
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 02 Oct 2025 12:24:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 02 Oct 2024 12:24:13 GMT
last-modified: Wed, 31 Jul 2024 20:32:02 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16396
x-xss-protection: 0
server: sffe

GET
H3 200 5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 437ms
326ms Font
font/woff2 142.250.80.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.35 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f3.1e100.net

Software

sffe /

Resource Hash

97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 5724
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 01:39:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 01:39:50 GMT
last-modified: Wed, 31 Jul 2024 20:31:46 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15996
x-xss-protection: 0
server: sffe

GET
H3 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 249ms
139ms Font
font/woff2 142.250.80.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.35 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f3.1e100.net

Software

sffe /

Resource Hash

06e60764f2f683ef1562780a928735ca90bd7ff7b7376d2818c8445be9c29669

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 471914
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 02 Oct 2025 16:10:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 02 Oct 2024 16:10:00 GMT
last-modified: Wed, 31 Jul 2024 20:32:37 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15988
x-xss-protection: 0
server: sffe

GET
H3 200 5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 392ms
283ms Font
font/woff2 142.250.80.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.35 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f3.1e100.net

Software

sffe /

Resource Hash

0f0c9a6824743e74e287574ef92dc872cbd02f44b9285f0564381b3d9b9173cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://fonts.googleapis.com/

Response headers

age: 469653
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 02 Oct 2025 16:47:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 02 Oct 2024 16:47:41 GMT
last-modified: Wed, 31 Jul 2024 20:32:00 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16716
x-xss-protection: 0
server: sffe

GET
H3 200 pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
fonts.gstatic.com/s/productsans/v9/ 31 KB
31 KB 293ms
184ms Font
font/woff2 142.250.80.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.35 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f3.1e100.net

Software

sffe /

Resource Hash

2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://cloud.google.com
Referer: https://cloud.google.com/

Response headers

age: 484810
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 02 Oct 2025 12:35:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 02 Oct 2024 12:35:04 GMT
last-modified: Mon, 15 Aug 2016 20:30:17 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31568
x-xss-protection: 0
server: sffe

GET
H2 200 fin7-evo1_pysh.max-1900x1900.png
storage.googleapis.com/gweb-cloudblog-publish/images/ 456 KB
457 KB 545ms
264ms Image
image/png 2607:f8b0:4006:80e::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/gweb-cloudblog-publish/images/fin7-evo1_pysh.max-1900x1900.png
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80e::201b , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 0af670810630c5efe0961873077a5ad14c12ac6ae4c8dd9f5d8bbe9e69034f28

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=CJSNJw==, md5=BamOD2CvgrpUEq+DcnbxOQ==
etag: "05a98e0f60af82ba5412af837276f139"
x-goog-stored-content-encoding: identity
expires: Tue, 08 Oct 2024 04:15:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 466908
date: Tue, 08 Oct 2024 03:15:15 GMT
last-modified: Tue, 27 Feb 2024 16:05:26 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY2bIbiQ9NC68GbiB2s0mUXqFFuNPXotaPXpuXnPqETiJ3v2JF7SzrK4n5OJZdNCEbohAurGhYzF2Q
cache-control: public, max-age=3600
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1709049926857952
content-length: 466908
server: UploadServer

GET
DATA 200
OK truncated
/ 140 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,... Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=_b,_tp/excm=... 497 KB
154 KB 132ms
131ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqV_devWS_qCFTS298eJFTL-Pg2kcw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,ebZ3mb,Z5uLle,BBI74,ZDZcre,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/am=gMGAWQ/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqVNEek0U_NXnY_h7Fkt6dB9hRnbGQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

ce9239219d67feb6831857bb406b9fad91bee1915659c4eb094a54c5a3f28445

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 34806
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 17:35:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:35:08 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 158047
x-xss-protection: 0
server: sffe

GET
H3 200 m=NsSboe Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU... 10 KB
3 KB 140ms
140ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqV_devWS_qCFTS298eJFTL-Pg2kcw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=NsSboe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

269ee2017a5650434fa9d716e29997e4685c6e73cee65d45af845d439fe040da

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 34806
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 17:35:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:35:08 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2932
x-xss-protection: 0
server: sffe

GET
H3 200 lazy.min.js Show response
www.gstatic.com/feedback/js/help/prod/service/ 120 KB
39 KB 132ms
132ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqV_devWS_qCFTS298eJFTL-Pg2kcw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,ebZ3mb,Z5uLle,BBI74,ZDZcre,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

1645c6965b96ee7ac8a1a1e1cd499855cc599c7240408e8dce9d769b90ce1523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 2820
report-to: {"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 03:18:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 02:28:15 GMT
last-modified: Thu, 03 Oct 2024 17:14:00 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=3000
cross-origin-opener-policy: same-origin-allow-popups; report-to="product-feedback-gathering"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
accept-ranges: bytes
content-length: 39555
x-xss-protection: 0
server: sffe

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU... 22 KB
7 KB 132ms
132ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqV_devWS_qCFTS298eJFTL-Pg2kcw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

cd0784cc6bd0f7fc1fe130b699dbbf80239c883e0a41e2c5009c22d5ec110cff

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 34806
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 17:35:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:35:09 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 7515
x-xss-protection: 0
server: sffe

GET
H3 200 m=P6sQOc Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU... 1 KB
782 B 132ms
131ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqV_devWS_qCFTS298eJFTL-Pg2kcw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

88df12b530fef98d49bb60dadedaa8dba4d808c46eceaa528d84d419708c8e8c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 34806
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 17:35:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:35:09 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 756
x-xss-protection: 0
server: sffe

GET
H3 200 2a.json Show response
www.gstatic.com/glue/cookienotificationbar/config/ 22 B
67 B 283ms
145ms Fetch
application/json 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/glue/cookienotificationbar/config/2a.json?hl=en

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

a0a1f98fca203b8561519a06bacfdc50e4b3c4a5a71e740da5b0875bd4fc00d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
report-to: {"group":"uxe-owners-acl/gstatic","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/gstatic"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 03:15:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:15 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 15 May 2023 09:18:00 GMT
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/gstatic
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="uxe-owners-acl/gstatic"
content-length: 42
x-xss-protection: 0
server: sffe

GET
H2 200 pingz Show response
cloud.google.com/__/ 134 B
355 B 311ms
309ms Fetch
application/json 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/__/pingz?platform=boq&page=%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&ifgr=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97040fe76f9a317c2c2618cc532636b7e887b631f999f78a496f20ecc2558bda

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:15 GMT
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 client.js Show response
apis.google.com/js/ 14 KB
6 KB 573ms
214ms Script
text/javascript 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b34fd3a7e3bd40ec27773100c6c2fcf0928441f08d82be6af7d73a9984078f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
etag: "eadbb886c0e00b27"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 03:15:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:15 GMT
content-type: text/javascript
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="gapi-team"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5819
x-xss-protection: 0
server: sffe

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 198 KB
70 KB 461ms
183ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

016b63ec97e0cc59f52d00f1efface4970f66aee3d3b6a0f11ad6340dad18027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 08 Oct 2024 03:15:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 70673
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/ 322 KB
110 KB 250ms
249ms Script
text/javascript 2607:f8b0:4006:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2988a5ff3b3292953842f0d5edc881a0bf234183c8d922459837956eb068c6dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 20270
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 21:37:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 21:37:26 GMT
last-modified: Mon, 07 Oct 2024 18:50:53 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
accept-ranges: bytes
access-control-allow-origin: *
content-length: 112537
x-xss-protection: 0
server: sffe

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 323 KB
95 KB 230ms
230ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44463f7c20b871c7a5356fcb75ee7f3468fe76d6a38c5f65c71720db89634f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96763
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 314 KB
94 KB 177ms
177ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

432483968992bfc1aededc742cf0858c4d8d6421c7403d6af931803ed2b35010

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96257
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 proxy.html Show response
scone-pa.clients6.google.com/static/ Frame 642E 432 B
865 B 481ms
152ms Document
text/html 2607:f8b0:4006:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.3visMJpiQIc.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo99Jaq3x9bYTscBipFXsayIS-abwA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

f86b427af0ae58b6dc340ebe80812f8f9e213f326535a9fd1def80f5db03107a

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-2UrlHg3hJUZ_cQDUcOfMfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 289
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-2UrlHg3hJUZ_cQDUcOfMfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp; report-to="gapi"
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:16 GMT
report-to: {"group":"gapi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi"}]}
server: scaffolding on HTTPServer2
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5l1&tag_exp=101671035~101747727&rnd=1340865705.1728357317&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevol...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5l1&tag_exp=101671035~101747727&rnd=1340865705.1728357317&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intell...

42 B
65 B

417ms
150ms

Ping
image/gif

142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5l1&tag_exp=101671035~101747727&rnd=1340865705.1728357317&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&dma=0&npa=0&gtm=45He4a20n91NS2VGJGHv9175119176za200zb6343254&auid=1812097756.1728357317

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5l1&tag_exp=101671035~101747727&rnd=1340865705.1728357317&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&dma=0&npa=0&gtm=45He4a20n91NS2VGJGHv9175119176za200zb6343254&auid=1812097756.1728357317
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 273 KB
94 KB 223ms
223ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

dbf6b0c9f578f1436af447b4912cdb4d707d5ef3613f9d27316d34ff77e0bd79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96026
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 277 KB
94 KB 371ms
371ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

01f6e7c8390da43e25379e69dd90880e0b83c95cb384ef7672dc04d3ca71dcf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96654
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 212 KB
77 KB 271ms
270ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

fa6d770b1574d0382cdb1876b40a1c0454b79c54138fc745d74aaedb7e37f978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 78385
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 232 KB
83 KB 168ms
168ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-2507573&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f2535aa858da76e6448352f0e39d2d618e1e0b544f826f313397eac43d16e77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 84641
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 247 KB
87 KB 319ms
318ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f24c3c97a6f0d6b843485ed1539a5c3c23f3abb49f5812fb75ed1c1e428e790a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 08 Oct 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89363
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
92 KB 376ms
371ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

22916842e8bfa02a59beff36bdb68c3a4303734eba3dbb5a3dfaabb6715fe0ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 08 Oct 2024 03:15:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94392
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 googleapis.proxy.js Show response
apis.google.com/js/ Frame 642E 14 KB
6 KB 151ms
150ms Script
text/javascript 142.251.32.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/googleapis.proxy.js?onload=startup

Requested by

Host: scone-pa.clients6.google.com
URL: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.3visMJpiQIc.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo99Jaq3x9bYTscBipFXsayIS-abwA%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.110 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f14.1e100.net

Software

sffe /

Resource Hash

3d49439aee51f4dcb87b5c6b7910aa3145b0584f59ff6abefcc398c2abffc30c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://scone-pa.clients6.google.com/

Response headers

content-encoding: gzip
etag: "7388ca8f66955866"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 03:15:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:17 GMT
content-type: text/javascript
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="gapi-team"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5819
x-xss-protection: 0
server: sffe

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/ Frame 642E 80 KB
28 KB 133ms
133ms Script
text/javascript 142.251.32.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.110 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f14.1e100.net

Software

sffe /

Resource Hash

07a9a6cf77f20cab3a7f4283245297049d6b5231c3981983203090cdc1b8980b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://scone-pa.clients6.google.com/

Response headers

content-encoding: gzip
age: 20246
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 21:37:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 21:37:51 GMT
last-modified: Mon, 07 Oct 2024 18:50:53 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28830
x-xss-protection: 0
server: sffe

GET
H2 200 activityi;fledge=1;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=4...
td.doubleclick.net/td/fls/rul/ Frame D87F 0
0 451ms
165ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-2507573&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=*;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=...
https://ad.doubleclick.net/activity;dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=*;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;u...

42 B
63 B

470ms
202ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=*;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CMfp2N_o_YgDFZI1-QAdpbkhHw;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=*;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H3 200 activity;register_conversion=1;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi...
ad.doubleclick.net/ 0
23 B 427ms
272ms Image
image/png 142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=2507573;type=cloud;cat=enter006;ord=2714120142385;npa=0;auiddc=1812097756.1728357317;ps=1;pcor=608209561;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.198 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:17 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"17132079808208472559"}],"aggregatable_trigger_data":[{"filters":[{"14":["6459966"]}],"key_piece":"0xa81dc195bcc3c387","source_keys":["12","13","14","15","16","17","18","19","20","21","19193064","19193065","19193066","19193067","20551376","20551377","20551378","20551379","20554936","20554937","20554938","20554939","24103452","24103453","24103454","24103455","628469716","628469717","628469718","628469719","628837988","628837989","628837990","628837991","638615612","638615613","638615614","638615615"]},{"key_piece":"0x18c185d8b20608c6","not_filters":{"14":["6459966"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","19193064","19193065","19193066","19193067","20551376","20551377","20551378","20551379","20554936","20554937","20554938","20554939","24103452","24103453","24103454","24103455","628469716","628469717","628469718","628469719","628837988","628837989","628837990","628837991","638615612","638615613","638615614","638615615"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"19193064":34,"19193065":34,"19193066":34,"19193067":3345,"20":65,"20551376":36,"20551377":36,"20551378":36,"20551379":3530,"20554936":34,"20554937":34,"20554938":34,"20554939":3345,"21":6356,"24103452":32,"24103453":32,"24103454":32,"24103455":3177,"628469716":32,"628469717":32,"628469718":32,"628469719":3177,"628837988":32,"628837989":32,"628837990":32,"628837991":3177,"638615612":32,"638615613":32,"638615614":32,"638615615":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"11865540964261288757","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"17132079808208472559","filters":[{"14":["6459966"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"17132079808208472559","filters":[{"14":["6459966"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"17132079808208472559","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"17132079808208472559","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["2507573"]}}
content-type: image/png
x-xss-protection: 0
server: cafe

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;fr...
td.doubleclick.net/td/fls/rul/ Frame BE2E 0
0 509ms
279ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;f...
td.doubleclick.net/td/fls/rul/ Frame AD73 0
0 507ms
280ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;fr...
td.doubleclick.net/td/fls/rul/ Frame 96D1 0
0 384ms
160ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;f...
td.doubleclick.net/td/fls/rul/ Frame F736 0
0 381ms
161ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;f...
td.doubleclick.net/td/fls/rul/ Frame 5E24 0
0 378ms
163ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;f...
td.doubleclick.net/td/fls/rul/ Frame 3CD4 0
0 365ms
153ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;f...
td.doubleclick.net/td/fls/rul/ Frame E8DA 0
0 371ms
163ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;fr...
td.doubleclick.net/td/fls/rul/ Frame B8B2 0
0 362ms
159ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=*;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=*;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

343ms
200ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=*;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=COXb3N_o_YgDFRIg-QAdR58sHw;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=*;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=*;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;ua...
https://ad.doubleclick.net/activity;dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab...
https://adservice.google.com/ddm/fls/z/dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=*;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

405ms
203ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=*;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CLDV3N_o_YgDFdk1-QAdROQPmQ;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=*;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;p...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=*;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=*;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

206ms
205ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=*;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CNGY6d_o_YgDFfYj-QAd1uMW1g;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=*;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=*;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;ua...
https://ad.doubleclick.net/activity;dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab...
https://adservice.google.com/ddm/fls/z/dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=*;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

200ms
199ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=*;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CJae6d_o_YgDFXMj-QAdRmMY1g;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=*;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;p...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=*;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;ua...
https://ad.doubleclick.net/activity;dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab...
https://adservice.google.com/ddm/fls/z/dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=*;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

199ms
199ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=*;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CM6x6d_o_YgDFdgd-QAdYycrmA;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=*;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;p...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=*;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;ua...
https://ad.doubleclick.net/activity;dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab...
https://adservice.google.com/ddm/fls/z/dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=*;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

202ms
200ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=*;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPuy6d_o_YgDFYoj-QAde_gIpg;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=*;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;p...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=*;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;ua...
https://ad.doubleclick.net/activity;dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab...
https://adservice.google.com/ddm/fls/z/dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=*;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;u...

42 B
63 B

199ms
198ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=*;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPyy6d_o_YgDFfs0-QAdGR8rvQ;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=*;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;p...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=*;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=*;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

199ms
199ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=*;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CN-26d_o_YgDFYA0-QAd2u0hcg;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=*;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/16541431319/ 5 KB
2 KB 162ms
161ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16541431319/?random=1728357317464&cv=11&fst=1728357317464&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533422~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

a73ca4ba7edcd08239f9c238376a7974a89542f0fe9382b101d9593d479ac7f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2429
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 16541431319
td.doubleclick.net/td/rul/ Frame B5BF 0
0 439ms
292ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/16541431319?random=1728357317464&cv=11&fst=1728357317464&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533422~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11082232239/ 5 KB
2 KB 159ms
159ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11082232239/?random=1728357317526&cv=11&fst=1728357317526&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

bc60c1744ad3f1bbb90c69e338b1ea7b2e79e5510106097971a84c8a339cc288

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2429
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 11082232239
td.doubleclick.net/td/rul/ Frame 3530 0
0 377ms
287ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/11082232239?random=1728357317526&cv=11&fst=1728357317526&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 1427
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 241ms
96ms Fetch
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4a20v873759632z8897536842za200zb897536842&_p=1728357315468&_gaz=1&gcs=G111&gcd=13r3r3l3l5l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&cid=518537203.1728357318&ul=en-us&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&sid=1728357317&sct=1&seg=0&dt=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=active_experiments&_fv=1&_nsi=1&_ss=1&ep.is_queued=false&epn.event_number=0&epn.queue_batch_number=0&epn.queue_batch_hit_number=0&ep.country=US&ep.utmz=utmcsr%3D(direct)%7Cutmcmd%3D(none)%7Cutmccn%3D(direct)&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&ep.non_interaction=true&ep.active_experiments=1714249%2C48554500%2C97517172%2C48887082%2C97706004%2C1706538%2C93778619%2C93874004%2C48830069%2C97442199%2C97656899%2C97684535%2C97785988%2C97535270%2C48897392%2C48489826%2C97716267%2C97517154%2C48887064%2C93873986%2C97442181%2C97656881%2C97684517%2C97785970&ep.has_cj_refparam=false&ep.is_eea=false&tfd=7138
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cloud.google.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:17 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
545 B 402ms
139ms Ping
text/plain 2607:f8b0:4004:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-WH2QY8WWF5&cid=518537203.1728357318&gtm=45je4a20v873759632z8897536842za200zb897536842&aip=1&dma=0&gcs=G111&gcd=13r3r3l3l5l1&npa=0&frm=0&tag_exp=101529666~101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cloud.google.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:17 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 45A8 0
0 187ms
163ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-WH2QY8WWF5&gacid=518537203.1728357318&gtm=45je4a20v873759632z8897536842za200zb897536842&dma=0&gcs=G111&gcd=13r3r3l3l5l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101747727&z=1208733119

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

204

https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4a20v873759632z8897536842za200zb897536842&_p=1728357315468&gcs=G111&gcd=13r3r3l3l5l1&npa=0&dma=0&tag_exp=101529666~101671035~1017...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=518537203.1728357318&dbk=14200833811984881439&dma=0&en=page_view&gcs=G111&gtm=45je4a20v873759632z8897536842za200zb89753...

0
0

442ms
164ms

Fetch
text/plain

2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=518537203.1728357318&dbk=14200833811984881439&dma=0&en=page_view&gcs=G111&gtm=45je4a20v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/
Protocol: H2
Server: 2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgnc:90:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgnc:90:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
content-type: text/plain
server: Golfe2

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=518537203.1728357318&dbk=14200833811984881439&dma=0&en=page_view&gcs=G111&gtm=45je4a20v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 505
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:17 GMT
content-type: text/html; charset=UTF-8
server: Golfe2

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10836211492/ 5 KB
2 KB 182ms
181ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10836211492/?random=1728357317668&cv=11&fst=1728357317668&bg=ffffff&guid=ON&async=1&gtm=45be4a20v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101529665~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

30051ea7c3087d7bacca78f9890d5d2654bcf96b3fb8b6ac74bec42cbddf7aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2430
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10836211492
td.doubleclick.net/td/rul/ Frame BF61 0
0 249ms
248ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10836211492?random=1728357317668&cv=11&fst=1728357317668&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101529665~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 2221
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 log Show response
cloud.google.com/ 131 B
155 B 172ms
169ms Fetch
text/plain 142.250.64.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.110 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
X-Goog-AuthUser: 0

Response headers

x-frame-options: SAMEORIGIN
cache-control: private
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 08 Oct 2024 03:15:17 GMT
access-control-allow-origin: https://cloud.google.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-length: 131
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: text/plain; charset=UTF-8
server: Playlog
access-control-allow-headers: X-Playlog-Web

GET
H3 200 /
www.google.com/pagead/1p-user-list/16541431319/ 42 B
64 B 153ms
153ms Image
image/gif 142.250.64.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/16541431319/?random=1728357317464&cv=11&fst=1728356400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533422~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfTR025S-d7rNEZ7a4xVowRXjJ0ba2fcfFu3eCmPqvGNgoeN-a&random=687449660&rmt_tld=0&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.68 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/11082232239/ 42 B
64 B 153ms
153ms Image
image/gif 142.250.64.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11082232239/?random=1728357317526&cv=11&fst=1728356400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101533421~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfSluNw-5fEdd59ME8PKMP-8woU_96iqpmG0gQzBpr7ZK62INt&random=344919086&rmt_tld=0&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.68 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 trigger_anonymous Show response
scone-pa.clients6.google.com/v1/survey/trigger/ Frame 642E 33 B
217 B 166ms
165ms XHR
application/json+protobuf 2607:f8b0:4006:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eb73ed3f9cc729604c26b3932945af24bc1eef53595aacb062afa1425e18ef2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.3visMJpiQIc.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo99Jaq3x9bYTscBipFXsayIS-abwA%2Fm%3D__features__
X-Referer: https://cloud.google.com
X-Goog-Encode-Response-If-Executable: base64
X-ClientDetails: appVersion=5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36&platform=Linux%20x86_64&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Goog-Api-Key: AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg
X-Origin: https://cloud.google.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json+protobuf

Response headers

strict-transport-security: max-age=10886400; includeSubdomains
cache-control: private
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN

GET
H3 200 /
www.google.com/pagead/1p-user-list/10836211492/ 42 B
64 B 153ms
152ms Image
image/gif 142.250.64.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10836211492/?random=1728357317668&cv=11&fst=1728356400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5l1&dma=0&tag_exp=101529665~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=1812097756.1728357317&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf17o6kG0OeFNYck_bqqL3mFmilGeQjElCGug4yzUOKtYUAmmU&random=1885693715&rmt_tld=0&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/evolution-of-fin7/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.68 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 200 log Show response
cloud.google.com/ 131 B
152 B 148ms
147ms Fetch
text/plain 142.250.64.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.110 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
X-Goog-AuthUser: 0

Response headers

x-frame-options: SAMEORIGIN
cache-control: private
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://cloud.google.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/plain; charset=UTF-8
server: Playlog
access-control-allow-headers: X-Playlog-Web

POST
H3 200 browserinfo Show response
cloud.google.com/blog/_/TransformBlogUi/ 92 B
136 B 271ms
270ms XHR
application/json 142.250.64.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/_/TransformBlogUi/browserinfo?f.sid=3652224114739762728&bl=boq_cloudx-web-blog-uiserver_20241006.08_p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=62119&rt=j

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.110 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f14.1e100.net

Software

ESF /

Resource Hash

39af758b7239f33a0d1044b6c1bbc18a560219efe49551fa15608180f04695dc

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Same-Domain: 1

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:15:18 GMT
content-type: application/json; charset=utf-8
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: same-site
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU... 3 KB
2 KB 133ms
132ms Script
text/javascript 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.eaG7ip1yDro.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.HTPDkn9Z6y8.L.B1.O/am=gMGAWQ/d=1/exm=A1yn5d,A7fCU,BBI74,BVgquf,CHCSlb,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P6sQOc,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqV_devWS_qCFTS298eJFTL-Pg2kcw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

f2ace723d15dc13e8ec4eff912a9ce9d2949477b1c0bb9176b2ddcfb3f40612e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: gzip
age: 34808
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 17:35:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 17:35:10 GMT
last-modified: Tue, 01 Oct 2024 00:14:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
cache-control: public, immutable, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 1580
x-xss-protection: 0
server: sffe

GET
H2 200 activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;fr...
td.doubleclick.net/td/fls/rul/ Frame 7A27 0
0 157ms
149ms Document
text/html 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 08 Oct 2024 03:15:18 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=*;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;g...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://ad.doubleclick.net/activity;dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=...
https://adservice.google.com/ddm/fls/z/dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=*;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;ua...

42 B
63 B

202ms
201ms

Image
image/gif

142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=*;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2

Protocol

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CNnQkODo_YgDFUEa-QAdGU85EA;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=*;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;ps...
ad.doubleclick.net/ 0
0

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 162ms
159ms Image
text/html 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=885747523&rv=4a20&tag_exp=101529666~101671035~101747727&u=AAAAAIAIAAAAACAIAAAQ&h=Ag&gtm=45fe4a20v9181638614za201zb9175119176&ccid=siloed_181638614&cid=siloed_DC-2507573&l=L5009.S58.B53.E1127.I4412.EC9.TC3.HTC0~gtm.init_consent.S2.V1.E63.TS5ogtdma.TI8.TE2~gtm.init.S0.V0.E129.TS5ccdadd1pdata.TI12.TE0~*.S0.V0.E50~*.S0.V0.E48~*.S0.V0.E48~gtm.js.S0.V0.E177.TS5rep.TI6.TE36~gtm.dom.S0.V0.E11~gtm.elementVisibility.S0.V0.E10~gtm.load.S1.V0.E16

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 08 Oct 2024 03:15:18 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 favicon.ico
www.gstatic.com/cloud/images/icons/ 5 KB
1 KB 135ms
132ms Other
image/x-icon 142.251.40.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cloud/images/icons/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f3.1e100.net

Software

sffe /

Resource Hash

5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cloud.google.com/

Response headers

content-encoding: br
age: 904
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Wed, 08 Oct 2025 03:00:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 08 Oct 2024 03:00:14 GMT
last-modified: Tue, 27 Jun 2023 04:48:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 1046
x-xss-protection: 0
server: sffe

POST collect
analytics.google.com/g/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=7485653227471;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=500741396;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4403501695354;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=2076308899;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9484376277198;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=965115766;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=1051850703445;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1127564269;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=2674307766356;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1507526519;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=7251013976820;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1763905753;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6606541505415;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=1709591217;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=7654248453664;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=621153346;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4109054111259;npa=0;auiddc=1812097756.1728357317;u6=US;ps=1;pcor=650905256;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a20z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5l1;dma=0;tag_exp=101529666~101671035~101747727;epver=2?

Domain: analytics.google.com
URL: https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&gtm=45je4a20v873759632z8897536842za200zb897536842&_p=1728357315468&gcs=G111&gcd=13r3r3l3l5l1&npa=0&dma=0&tag_exp=101529666~101671035~101747727&cid=518537203.1728357318&ul=en-us&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=3&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&sid=1728357317&sct=1&seg=1&dt=FIN7%20Power%20Hour%3A%20Adversary%20Archaeology%20and%20the%20Evolution%20of%20FIN7%20%7C%20Mandiant%20%7C%20Google%20Cloud%20Blog&en=utility&ep.is_queued=false&epn.event_number=2&epn.queue_batch_number=2&epn.queue_batch_hit_number=0&ep.country=US&ep.utmz=utmcsr%3D(direct)%7Cutmcmd%3D(none)%7Cutmccn%3D(direct)&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&epn.page_client_height=32595&epn.page_client_width=1600&ep.page_first_published=2024-03-25%2014%3A03%3A00&ep.page_hosting_platform=blog_boq&ep.page_last_published=2022-04-04%2000%3A04%3A00&ep.page_post_author=mandiant%20&ep.page_post_author_role=&ep.page_post_labels=threat%20intelligence&ep.page_post_title=fin7%20power%20hour%3A%20adversary%20archaeology%20and%20the%20evolution%20of%20fin7%20%7C%20mandiant&ep.page_original_url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fevolution-of-fin7%2F&ep.component=utmz%20cookie&ep.non_interaction=false&ep.has_cj_refparam=false&ep.is_eea=false&ep.old_value=&ep.new_value=utmcsr%3D(direct)%7Cutmcmd%3D(none)%7Cutmccn%3D(direct)&_et=2&tfd=12177

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mandiant.com/	1970-01-21 00:05:59	Name: __cf_bm Value: mFmdtsU6G6KZXeX9r7ByGJQCnp.V8HWJd2IOtjWIaZM-1728357310-1.0.1.1-SQUymlN8st1.jTmmuofCK4HCsJWhSRHOKT7Ku7Bk_uk2fruoivOGBkx5gfO4pqD.FFmxS8Yzk0OID4fs2UqYCw
.mandiant.com/	1969-12-31 23:59:59	Name: _cfuvid Value: goZfWMo2lWcOQGRTu1GnTBDdz9tMhidmpjlSIsRqfys-1728357310998-0.0.1.1-604800000
.cloud.google.com/	1970-01-21 04:25:09	Name: __utmz Value: utmcsr=(direct)\|utmcmd=(none)\|utmccn=(direct)
.cloud.google.com/	1970-01-21 02:15:33	Name: _gcl_au Value: 1.1.1812097756.1728357317
.cloud.google.com/	1970-01-21 09:41:57	Name: _ga Value: GA1.1.518537203.1728357318
.cloud.google.com/	1970-01-21 09:41:57	Name: _ga_WH2QY8WWF5 Value: GS1.1.1728357317.1.1.1728357317.60.0.0
.doubleclick.net/	1970-01-21 00:49:09	Name: ar_debug Value: 1
.google.com/	1970-01-21 04:29:28	Name: NID Value: 518=DlXsAHaOmLmaC2ZdAsAB4P9hBep1Im3Yg9fTzQnOGFP_uEAq1xIJ8vpb8YTrbkfljsR-K6AZ5RbTyiS2U3Gy4uzDLvUrsCG1g9QIuG1DV5Ib0JozRIhbWRmqO22SqQ-nIFVQsobXXOHJ80cinKcEicd2kBsYlfkLx0fZCxset_-jJXEvnuf8Re3AsA
.doubleclick.net/	1970-01-21 04:25:09	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-21 09:41:57	Name: IDE Value: AHWqTUkt5ilG331Qre6Mf2BnXMPSdJL0YaTEiXPfukLC7O3k2ofxM2GSY4UoSPII
cloud.google.com/	1970-01-21 00:49:09	Name: OTZ Value: 7767555_96_96__96_

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G8O3bjoY7Ieq55_ylQ2lIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/ https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
analytics.google.com
apis.google.com
cloud.google.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
scone-pa.clients6.google.com
stats.g.doubleclick.net
storage.googleapis.com
td.doubleclick.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.mandiant.com
ad.doubleclick.net
analytics.google.com
142.250.64.110
142.250.64.68
142.250.65.198
142.250.80.35
142.250.80.8
142.251.32.110
142.251.32.98
142.251.40.194
142.251.40.227
2001:4860:4802:34::181
2606:4700:300b::a29f:f17d
2607:f8b0:4004:c1f::9c
2607:f8b0:4006:80a::2008
2607:f8b0:4006:80e::201b
2607:f8b0:4006:80f::2002
2607:f8b0:4006:81d::200e
2607:f8b0:4006:81e::200a
2607:f8b0:4006:81f::200e
2607:f8b0:4006:821::200a
2607:f8b0:4006:821::200e
016b63ec97e0cc59f52d00f1efface4970f66aee3d3b6a0f11ad6340dad18027
01f6e7c8390da43e25379e69dd90880e0b83c95cb384ef7672dc04d3ca71dcf1
06e60764f2f683ef1562780a928735ca90bd7ff7b7376d2818c8445be9c29669
07a9a6cf77f20cab3a7f4283245297049d6b5231c3981983203090cdc1b8980b
0af670810630c5efe0961873077a5ad14c12ac6ae4c8dd9f5d8bbe9e69034f28
0f0c9a6824743e74e287574ef92dc872cbd02f44b9285f0564381b3d9b9173cf
1645c6965b96ee7ac8a1a1e1cd499855cc599c7240408e8dce9d769b90ce1523
22916842e8bfa02a59beff36bdb68c3a4303734eba3dbb5a3dfaabb6715fe0ef
269ee2017a5650434fa9d716e29997e4685c6e73cee65d45af845d439fe040da
2988a5ff3b3292953842f0d5edc881a0bf234183c8d922459837956eb068c6dd
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0
30051ea7c3087d7bacca78f9890d5d2654bcf96b3fb8b6ac74bec42cbddf7aa9
39af758b7239f33a0d1044b6c1bbc18a560219efe49551fa15608180f04695dc
3d49439aee51f4dcb87b5c6b7910aa3145b0584f59ff6abefcc398c2abffc30c
432483968992bfc1aededc742cf0858c4d8d6421c7403d6af931803ed2b35010
44463f7c20b871c7a5356fcb75ee7f3468fe76d6a38c5f65c71720db89634f1d
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
7d7d4999c66cfde038010477d192a9136d7ac57491cbe93beb2043ec95d4124f
800f633202ce8f9164b880fd6ed86fc0673a476462c0df7ada22f14b7acd7725
88df12b530fef98d49bb60dadedaa8dba4d808c46eceaa528d84d419708c8e8c
97040fe76f9a317c2c2618cc532636b7e887b631f999f78a496f20ecc2558bda
97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37
a0a1f98fca203b8561519a06bacfdc50e4b3c4a5a71e740da5b0875bd4fc00d6
a73ca4ba7edcd08239f9c238376a7974a89542f0fe9382b101d9593d479ac7f2
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e
bc60c1744ad3f1bbb90c69e338b1ea7b2e79e5510106097971a84c8a339cc288
c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e
c9baa1d6cfdf41b6970c1c00911f070a2108aebbc26d1bc502fba1d0d230653d
cd0784cc6bd0f7fc1fe130b699dbbf80239c883e0a41e2c5009c22d5ec110cff
ce9239219d67feb6831857bb406b9fad91bee1915659c4eb094a54c5a3f28445
dbf6b0c9f578f1436af447b4912cdb4d707d5ef3613f9d27316d34ff77e0bd79
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b34fd3a7e3bd40ec27773100c6c2fcf0928441f08d82be6af7d73a9984078f
e8141776902d110d6f9ba4e8fe8fd27b6ec1f0cab96e1c491be1e09dc899350b
eb73ed3f9cc729604c26b3932945af24bc1eef53595aacb062afa1425e18ef2b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24c3c97a6f0d6b843485ed1539a5c3c23f3abb49f5812fb75ed1c1e428e790a
f2535aa858da76e6448352f0e39d2d618e1e0b544f826f313397eac43d16e77d
f2ace723d15dc13e8ec4eff912a9ce9d2949477b1c0bb9176b2ddcfb3f40612e
f86b427af0ae58b6dc340ebe80812f8f9e213f326535a9fd1def80f5db03107a
fa6d770b1574d0382cdb1876b40a1c0454b79c54138fc745d74aaedb7e37f978

cloud.google.com Open in urlscan Pro 2607:f8b0:4006:821::200e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

84 Requests

74 %HTTPS

55 %IPv6

7 Domains

17 Subdomains

20 IPs

1 Countries

2061 kBTransfer

6518 kBSize

11 Cookies

21 Outgoing links

Page URL History

Redirected requests

84 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

cloud.google.com Open in urlscan Pro
2607:f8b0:4006:821::200e Public Scan

Screenshot
Live screenshot

Full Image

84
Requests

74 %
HTTPS

55 %
IPv6

7
Domains

17
Subdomains

20
IPs

1
Countries

2061 kB
Transfer

6518 kB
Size

11
Cookies

84 HTTP transactions
1 data transactions