cloud.google.com Open in urlscan Pro
142.250.185.78 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Submission: On June 27 via api (June 27th 2024, 3:54:24 am UTC) from IL — Scanned from IL

Summary HTTP 82 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 18 IPs in 1 countries across 7 domains to perform 82 HTTP transactions. The main IP is 142.250.185.78, located in United States and belongs to GOOGLE, US. The main domain is cloud.google.com. The Cisco Umbrella rank of the primary domain is 14894.
TLS certificate: Issued by WR2 on June 13th 2024. Valid for: 3 months.

This is the only time cloud.google.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
1	216.58.206.42 216.58.206.42	15169 (GOOGLE) (GOOGLE)
9	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
7	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
1	216.58.206.59 216.58.206.59	15169 (GOOGLE) (GOOGLE)
4	142.250.185.110 142.250.185.110	15169 (GOOGLE) (GOOGLE)
9	142.250.185.72 142.250.185.72	15169 (GOOGLE) (GOOGLE)
2	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
5	142.250.186.110 142.250.186.110	15169 (GOOGLE) (GOOGLE)
1 4	142.250.184.228 142.250.184.228	15169 (GOOGLE) (GOOGLE)
4	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1 2	216.239.36.181 216.239.36.181	15169 (GOOGLE) (GOOGLE)
1	74.125.71.156 74.125.71.156	15169 (GOOGLE) (GOOGLE)
4	142.250.185.195 142.250.185.195	15169 (GOOGLE) (GOOGLE)
26 27	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
13	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
82	18

4 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

cloud.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.42 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.59 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f27.1e100.net

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f14.1e100.net

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

scone-pa.clients6.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.228 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.36.181 (United States) 1 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.71.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wn-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net

www.google.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 142.250.186.70 (United States) 26 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	doubleclick.net 26 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 70 stats.g.doubleclick.net — Cisco Umbrella Rank: 136 ad.doubleclick.net — Cisco Umbrella Rank: 164	5 KB
29	google.com 2 redirects cloud.google.com — Cisco Umbrella Rank: 14894 apis.google.com — Cisco Umbrella Rank: 217 scone-pa.clients6.google.com — Cisco Umbrella Rank: 2949 www.google.com — Cisco Umbrella Rank: 5 analytics.google.com — Cisco Umbrella Rank: 174 adservice.google.com — Cisco Umbrella Rank: 213	225 KB
17	gstatic.com www.gstatic.com fonts.gstatic.com ssl.gstatic.com	599 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	759 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 71	20 KB
4	google.co.il www.google.co.il — Cisco Umbrella Rank: 25282	782 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 83 storage.googleapis.com — Cisco Umbrella Rank: 434	213 KB
82	7

	Domain	Requested by
27	ad.doubleclick.net	26 redirects cloud.google.com
13	adservice.google.com	cloud.google.com
9	www.googletagmanager.com	www.gstatic.com www.googletagmanager.com
9	www.gstatic.com	cloud.google.com www.gstatic.com
7	fonts.gstatic.com	cloud.google.com fonts.googleapis.com
5	www.google-analytics.com	www.googletagmanager.com cloud.google.com
4	www.google.co.il	cloud.google.com
4	googleads.g.doubleclick.net	cloud.google.com www.googletagmanager.com
4	www.google.com	1 redirects cloud.google.com
4	apis.google.com	www.gstatic.com apis.google.com scone-pa.clients6.google.com
4	cloud.google.com	www.gstatic.com
2	analytics.google.com	1 redirects www.googletagmanager.com
2	scone-pa.clients6.google.com	apis.google.com
1	ssl.gstatic.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	storage.googleapis.com	cloud.google.com
1	fonts.googleapis.com	cloud.google.com
82	17

This site contains links to these domains. Also see Links.

Domain
console.cloud.google.com
mapsplatform.google.com
workspace.google.com
twitter.com
www.linkedin.com
www.facebook.com
core.vmware.com
www.fortiguard.com
github.com
datatracker.ietf.org
www.virustotal.com
www.twitter.com
www.youtube.com
www.instagram.com
myaccount.google.com
support.google.com

Subject Issuer	Validity	Valid
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
storage.googleapis.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.apis.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.googleapis.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.google.co.il WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Frame ID: E55FA21A48DCB1D1691D3ED6AB0B2C39
Requests: 79 HTTP requests in this frame

Frame: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.iw.8XAm2aX0MxQ.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ%2Fm%3D__features__
Frame ID: 9FF69361804EADF017FB36350CD61888
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cloaked and Covert: Uncovering UNC3886 Espionage Operations | Google Cloud Blog

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

82
Requests

67 %
HTTPS

0 %
IPv6

7
Domains

17
Subdomains

18
IPs

1
Countries

1821 kB
Transfer

6337 kB
Size

9
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://console.cloud.google.com/freetrial/
Title: Get started for free

Search URL Search Domain Scan URL

URL: https://mapsplatform.google.com/resources/blog/
Title: Google Maps Platform

Search URL Search Domain Scan URL

URL: https://workspace.google.com/blog
Title: Google Workspace

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Cloaked%20and%20Covert:%20Uncovering%20UNC3886%20Espionage%20Operations%20@googlecloud&url=https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations&title=Cloaked%20and%20Covert:%20Uncovering%20UNC3886%20Espionage%20Operations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?caption=Cloaked%20and%20Covert:%20Uncovering%20UNC3886%20Espionage%20Operations&u=https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Search URL Search Domain Scan URL

URL: https://core.vmware.com/vsphere-esxi-mandiant-malware-persistence
Title: VMware

Search URL Search Domain Scan URL

URL: https://www.fortiguard.com/psirt/FG-IR-22-369
Title: Fortinet

Search URL Search Domain Scan URL

URL: https://www.fortiguard.com/psirt_policy
Title: vulnerability disclosure processes

Search URL Search Domain Scan URL

URL: https://github.com/f0rb1dd3n/Reptile/blob/965dc73bef36877574a43523fe1b7ec55c52cd9f/loader.c
Title: custom launcher

Search URL Search Domain Scan URL

URL: https://github.com/NorthWardTop/posix/blob/master/process/create_daemon.c
Title: create_daemon.c

Search URL Search Domain Scan URL

URL: https://github.com/f0rb1dd3n/Reptile/blob/965dc73bef36877574a43523fe1b7ec55c52cd9f/setup.sh
Title: the installation script

Search URL Search Domain Scan URL

URL: https://github.com/f0rb1dd3n/Reptile/blob/965dc73bef36877574a43523fe1b7ec55c52cd9f/setup.sh#L278
Title: modprobe

Search URL Search Domain Scan URL

URL: https://github.com/f0rb1dd3n/Reptile/blob/1e17bc82ea8e4f9b4eaf15619ed6bcd283ad0e17/scripts/installer.sh#L12
Title: udev

Search URL Search Domain Scan URL

URL: https://github.com/ldpreload/Medusa
Title: an open-source rootkit implementing dynamic linker hijacking via LD_PRELOAD

Search URL Search Domain Scan URL

URL: https://github.com/ldpreload/Medusa/blob/main/src/rkload.c
Title: MEDUSA installer component

Search URL Search Domain Scan URL

URL: https://github.com/prasmussen/gdrive
Title: an open-source Google Drive CLI client

Search URL Search Domain Scan URL

URL: https://github.com/kubo/injector
Title: kubo/injector

Search URL Search Domain Scan URL

URL: https://github.com/wzshiming/sshd
Title: wzshiming/sshd

Search URL Search Domain Scan URL

URL: https://datatracker.ietf.org/doc/html/rfc8907#name-the-tacacs-packet-header
Title: RFC 8907

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/collection/7348124563bbbc386fcda8a66c43de6d1a3dcfd370edff22e3131afe7e3bc9dc
Title: publicly available GTI Collection

Search URL Search Domain Scan URL

URL: https://www.twitter.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.youtube.com/googlecloud

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/google-cloud

Search URL Search Domain Scan URL

URL: https://www.instagram.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/googlecloud/

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/privacypolicy?hl=en-US
Title: Privacy

Search URL Search Domain Scan URL

URL: https://myaccount.google.com/termsofservice?hl=en-US
Title: Terms

Search URL Search Domain Scan URL

URL: https://support.google.com/
Title: Help

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1919032711.1719460457&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&dma=0&npa=0&gtm=45He46q0n91NS2VGJGHv9175119176za200zb6343254&auid=422427630.1719460457 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1919032711.1719460457&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&dma=0&npa=0&gtm=45He46q0n91NS2VGJGHv9175119176za200zb6343254&auid=422427630.1719460457

Request Chain 41

https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&_ng=1&gtm=45je46q0v873759632z8897536842za200zb897536842&_p=1719460456074&gcs=G111&gcd=13r3r3l3l5&npa=0&dma=0&tag_exp=0&cid=921390786.1719460457&ul=he-il&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=2&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations%2F&sid=1719460457&sct=1&seg=1&dt=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&en=page_view&_c=1&ep.is_queued=false&epn.event_number=1&epn.queue_batch_number=1&epn.queue_batch_hit_number=0&ep.country=IL&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&epn.page_client_height=28901&epn.page_client_width=1600&ep.page_first_published=2024-06-18%2023%3A06%3A00&ep.page_hosting_platform=blog_boq&ep.page_last_published=2024-06-19%2000%3A06%3A00&ep.page_post_author=mandiant%20&ep.page_post_author_role=&ep.page_post_labels=threat%20intelligence&ep.page_post_title=cloaked%20and%20covert%3A%20uncovering%20unc3886%20espionage%20operations&ep.page_original_url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&ep.non_interaction=false&ep.has_cj_refparam=false&ep.is_eea=false&_et=15&tfd=3368&_z=fetch HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=921390786.1719460457&dbk=7875973087811684462&dma=0&en=page_view&gcs=G111&gtm=45je46q0v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F

Request Chain 43

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=*;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 45

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=*;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 47

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=*;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 49

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=*;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 51

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=*;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 53

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=*;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 55

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=*;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 57

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=*;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 59

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=*;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 61

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=*;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 63

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=*;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 65

https://ad.doubleclick.net/activity;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=422427630.1719460457;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=422427630.1719460457;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=*;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Request Chain 78

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=*;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

82 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request uncovering-unc3886-espionage-operations Show response
cloud.google.com/blog/topics/threat-intelligence/ 455 KB
71 KB 194ms
193ms Document
text/html 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

32767a8443a208b09f5832a13b2a26e0d30c7d9e915baef7e507555990bca9c2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7_tPbcUfNgiCTP_4RNBZ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-7_tPbcUfNgiCTP_4RNBZ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Thu, 27 Jun 2024 03:54:14 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/blog/_/TransformBlogUi/web-reports?context=eJzjStDikmII1JBiSHr6mCnP4AlTARAzPnrCdHHPU6ZSsZdMEl9fMmkAcYHsK6bdn6axOqXPYA0CYp_6GawxQNx68xzrVCBO-neetQiI1VwvsC6JuMh6KPEi67eUi6xCPBzPjnzezCbwYP7JdUxK2kn5hfHJOfmlKRW65alJukk5-em6pZnFqUVlqUXxRgZGJgZmRiZ6BhbxBYYAw8Q-_w"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 376ms
125ms Stylesheet
text/css 216.58.206.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f10.1e100.net

Software

ESF /

Resource Hash

d1ad5d73ed0a9340420a1fc2e3457d6ae41c00281a541bdbcd1656c56da7c1b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Thu, 27 Jun 2024 03:54:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 02:05:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 Jun 2024 03:54:15 GMT

GET
H2 200 m=articleview,_b,_tp
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/ed=1/rs=AHrnUqVGZ2ttb2CM_CYE-TpDGXw7J92TYg/ 2 MB
185 KB 491ms
247ms Stylesheet
text/css 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/ed=1/rs=AHrnUqVGZ2ttb2CM_CYE-TpDGXw7J92TYg/m=articleview,_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

5551c295af3167fc0c7c014fb8f21f93056760937e508b1e4d2cf37bc45eebb0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 25 Jun 2024 18:58:12 GMT
age: 118563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 189538
x-xss-protection: 0
last-modified: Fri, 21 Jun 2024 08:16:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/css; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Jun 2025 18:58:12 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/am=MAx0Fg/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqXt0ss1tXA2E5UrYdfwTx... 184 KB
66 KB 330ms
118ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/am=MAx0Fg/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqXt0ss1tXA2E5UrYdfwTxDk2Q49eg/m=_b,_tp

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

715d29345210173d6f01430863e23ca08ffa68fd2b47fc387603a669a667862a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 25 Jun 2024 19:04:59 GMT
age: 118156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66447
x-xss-protection: 0
last-modified: Tue, 25 Jun 2024 00:15:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Jun 2025 19:04:59 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ 33 KB
33 KB 463ms
218ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 15:02:35 GMT
x-content-type-options: nosniff
age: 132700
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 15:02:35 GMT

GET
H2 200 pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
fonts.gstatic.com/s/productsans/v9/ 31 KB
31 KB 381ms
136ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 15:04:42 GMT
x-content-type-options: nosniff
age: 132573
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31568
x-xss-protection: 0
last-modified: Mon, 15 Aug 2016 20:30:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 15:04:42 GMT

GET
H2 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v21/ 15 KB
15 KB 362ms
117ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oLlVnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

f36242b1ab1ac1316640455b84d157e26487bfbb2b847c6dd4107d6ca071617f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://fonts.googleapis.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 22:21:12 GMT
x-content-type-options: nosniff
age: 106383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15208
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 22:21:12 GMT

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v13/ 21 KB
21 KB 514ms
270ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v13/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtBD7TA.woff2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

3f4547cbf4dc86783668c3ec03f03cfae34eaa23366fdb5392b225735ad5f9ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 15:20:48 GMT
x-content-type-options: nosniff
age: 131607
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21396
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:43:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 15:20:48 GMT

GET
H2 200 5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
fonts.gstatic.com/s/googlesanstext/v21/ 14 KB
15 KB 533ms
288ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

8300ba70904617a47a80e9098fe00b3f7aefd328519318c420289b0bbdfb5e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://fonts.googleapis.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 15:15:04 GMT
x-content-type-options: nosniff
age: 131951
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14796
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:47:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 15:15:04 GMT

GET
H2 200 5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2
fonts.gstatic.com/s/googlesanstext/v21/ 14 KB
15 KB 543ms
299ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v21/5aUp9-KzpRiLCAt4Unrc-xIKmCU5oPFTnmhjtg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

483f202789ed694c70f16e9ca008533be41fc8f9ddc44d832f5818cef0ac85f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://fonts.googleapis.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:25:06 GMT
x-content-type-options: nosniff
age: 1749
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14796
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 03:25:06 GMT

GET
H2 200 5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2
fonts.gstatic.com/s/googlesanstext/v21/ 15 KB
15 KB 497ms
253ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v21/5aUo9-KzpRiLCAt4Unrc-xIKmCU5qE9GiU9G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

e301cc90d132832ecb405a41ecd7b0be5dab12c496fe6bf3710d2e771190257a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://fonts.googleapis.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 14:48:08 GMT
x-content-type-options: nosniff
age: 133567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15476
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:23:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 14:48:08 GMT

GET
H2 200 unc3886-cloaked-covert-fig1.max-2200x2200.jpg
storage.googleapis.com/gweb-cloudblog-publish/images/ 211 KB
211 KB 492ms
243ms Image
image/jpeg 216.58.206.59
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/gweb-cloudblog-publish/images/unc3886-cloaked-covert-fig1.max-2200x2200.jpg
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.206.59 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lcfraa-aa-in-f27.1e100.net
Software: UploadServer /
Resource Hash: d072452519cf4773733cf78cfc17c48c7c6227f7e79e372f41bff75976b5640e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:15 GMT
age: 0
x-guploader-uploadid: ACJd0NqfpIeBzz3R5M6rofBGZHRxifybDhyKg_qEzRcdlBI-EzLXCq94R2Rf1o8uN-OWCLLx00Pk5UNNEQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 215958
last-modified: Mon, 17 Jun 2024 20:47:29 GMT
server: UploadServer
etag: "42df483fa84bbcea1fe3c9df0bf79d64"
x-goog-generation: 1718657249305937
x-goog-hash: crc32c=Tcmu2g==, md5=Qt9IP6hLvOof48nfC/edZA==
content-type: image/jpeg
cache-control: public, max-age=3600
x-goog-stored-content-length: 215958
accept-ranges: bytes
expires: Thu, 27 Jun 2024 04:54:15 GMT

GET
DATA 200
OK truncated
/ 140 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,... Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=_b,_tp/excm=... 493 KB
153 KB 119ms
118ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqU0-CYl7a-bs6NMzxlohIscTdccAw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,BBI74,VwDzFe,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/am=MAx0Fg/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqXt0ss1tXA2E5UrYdfwTxDk2Q49eg/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

4bb9d2474af5c359099ddd57adbb13af5207df140c95ada532a3766647bb4978

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 25 Jun 2024 19:40:46 GMT
age: 116009
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156980
x-xss-protection: 0
last-modified: Fri, 21 Jun 2024 08:16:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Jun 2025 19:40:46 GMT

GET
H2 200 m=NsSboe Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,... 10 KB
3 KB 135ms
135ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqU0-CYl7a-bs6NMzxlohIscTdccAw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=NsSboe

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

988a11bf17c78d42439ca23c9c1c0a131c01c3faf105399139fba923f4c6210f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Jun 2024 03:12:19 GMT
age: 88916
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2937
x-xss-protection: 0
last-modified: Fri, 21 Jun 2024 08:16:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jun 2025 03:12:19 GMT

GET
H3 200 lazy.min.js Show response
www.gstatic.com/feedback/js/help/prod/service/ 107 KB
36 KB 116ms
116ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=_b,_tp/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqU0-CYl7a-bs6NMzxlohIscTdccAw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,Pkx8hb,mI3LFb,mzzZzc,CHCSlb,o60eef,kxO7ab,YSybTb,SCGBie,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,fmklff,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,xQtZb,JNoxi,kWgXee,oTg6l,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,BBI74,VwDzFe,Z3rB,rJ9tU,MdUzUe,A7fCU,zbML3c,zr1jrb,Yq43cc,Uas9Hd,pjICDe

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

05c4ae711321b40111d466573d0e3f21539a01399be7ce2eb3b527bd3ec25bcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:22:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37135
x-xss-protection: 0
last-modified: Tue, 25 Jun 2024 16:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="product-feedback-gathering"
vary: Accept-Encoding, Origin
report-to: {"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 27 Jun 2024 04:12:33 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,... 19 KB
6 KB 123ms
123ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqU0-CYl7a-bs6NMzxlohIscTdccAw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

f8e30cd9f031cc7e3d1e102179c8aa0b64e11659564659c5538ca975b0e90bfa

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Jun 2024 03:12:19 GMT
age: 88916
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6472
x-xss-protection: 0
last-modified: Fri, 21 Jun 2024 08:16:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jun 2025 03:12:19 GMT

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,... 1 KB
790 B 124ms
124ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqU0-CYl7a-bs6NMzxlohIscTdccAw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

b61a964df7112d25a56d4afce1e0db78304cc3d148087daa96185f6a93a87164

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Jun 2024 03:12:20 GMT
age: 88915
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 764
x-xss-protection: 0
last-modified: Fri, 21 Jun 2024 08:16:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jun 2025 03:12:20 GMT

GET
H3 200 2a.json Show response
www.gstatic.com/glue/cookienotificationbar/config/ 22 B
67 B 249ms
125ms Fetch
application/json 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/glue/cookienotificationbar/config/2a.json?hl=en

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

a0a1f98fca203b8561519a06bacfdc50e4b3c4a5a71e740da5b0875bd4fc00d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/gstatic
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"uxe-owners-acl/gstatic","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/gstatic"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="uxe-owners-acl/gstatic"
expires: Thu, 27 Jun 2024 03:54:16 GMT

GET
H2 200 pingz Show response
cloud.google.com/__/ 134 B
356 B 261ms
260ms Fetch
application/json 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/__/pingz?platform=boq&page=%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&ifgr=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

eb5fae4b7c9ee35d9b880576769d4e9bbe6f8798ac0fd771e59b02ca630d1cc0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /_/CloudWebCgcHttp/cspreport
content-encoding: gzip
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 client.js Show response
apis.google.com/js/ 15 KB
6 KB 370ms
124ms Script
text/javascript 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

sffe /

Resource Hash

6c9c382bb1800105efcf55b9002ec41d3ee31d1a34b7f32433f1670bc14c1859

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 27 Jun 2024 03:54:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5908
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "4eee2ab01949c7c8"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 03:54:16 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 191 KB
67 KB 374ms
126ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ac6d7e38683ac10c1ba7b2aa68b940f020a583b63cd7e869cb8e87af9ad12361

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68662
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:16 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.iw.8XAm2aX0MxQ.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ/ 323 KB
111 KB 116ms
116ms Script
text/javascript 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.iw.8XAm2aX0MxQ.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

sffe /

Resource Hash

6b725f0a72dbaa6aeeb0f262d1cf5afa1fb05c8e1ca4512c6ac0c8e4b20fa59a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 26 Jun 2024 04:39:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112738
x-xss-protection: 0
last-modified: Thu, 06 Jun 2024 15:21:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jun 2025 04:39:26 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 314 KB
92 KB 127ms
126ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ebc186db35ca33bfd75eb1b9bc01c8502f07d90a08e17aa280296043b10e28a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94477
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:16 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 303 KB
91 KB 197ms
197ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5CVQBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b3a8c82132300731d19be39214dded159c5e3e8715e956adb88d8b317c455495

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93373
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:16 GMT

GET
H2 200 proxy.html Show response
scone-pa.clients6.google.com/static/ Frame 9FF6 432 B
865 B 409ms
160ms Document
text/html 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.iw.8XAm2aX0MxQ.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.iw.8XAm2aX0MxQ.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

87544d208368586afb32889de68803c6347f9b2131ae55b5b963f0248d716b22

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-cXVK260JAOdB9ntDoA-c1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-arch: "x86"
sec-ch-ua-bitness: "64"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-mobile: ?0
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-wow64: ?0

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 288
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-cXVK260JAOdB9ntDoA-c1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/xd3cpp/2 require-trusted-types-for 'script'
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp; report-to="gapi"
cross-origin-resource-policy: cross-origin
date: Thu, 27 Jun 2024 03:54:17 GMT
report-to: {"group":"gapi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi"}]}
server: scaffolding on HTTPServer2
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/internal/ 47 KB
19 KB 375ms
128ms Script
text/javascript 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/internal/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

e1673c8fffd3fe16ab442ce4fb8fdec0481235c76bbee8ad6063c254453a4466

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 27 Jun 2024 03:54:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 0
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19290
expires: Thu, 27 Jun 2024 05:54:17 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
90 KB 138ms
138ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8NRS5J&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

83644f67e59644e43061fa7f5040a79980e69179e8aa30f00a24b40a584673b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91909
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 27 Jun 2024 03:54:16 GMT

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1919032711.1719460457&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espio...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1919032711.1719460457&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-...

42 B
65 B

372ms
125ms

Ping
image/gif

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1919032711.1719460457&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&dma=0&npa=0&gtm=45He46q0n91NS2VGJGHv9175119176za200zb6343254&auid=422427630.1719460457

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&tag_exp=0&rnd=1919032711.1719460457&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&dma=0&npa=0&gtm=45He46q0n91NS2VGJGHv9175119176za200zb6343254&auid=422427630.1719460457
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 264 KB
91 KB 142ms
141ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e0f76ae40db7f1d269422a351f8ccf48b5dc09141522500cb636a01167f4985c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93190
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:17 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 268 KB
92 KB 258ms
257ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

5afc979307c738ea941000f362874af7096196a9e6f70a850b73dcc6341f4c16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94008
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:17 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 204 KB
74 KB 223ms
222ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-7546819&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

933383d6ea4ba16f639358e67257905c0d28788a8dec5e25a2856ea1814d827a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75838
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:17 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 213 KB
76 KB 275ms
274ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-2507573&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

70627f4a2f3aedad835bf6da95f3a98514c8f15d83b50888b290fdaf96c3043d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78227
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:17 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 238 KB
85 KB 305ms
304ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NS2VGJGH&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9da9a2f80bc4b8ae284fde2472d43ebcde72e9fdf8cd53c25d04847ded0c3621

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86683
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 03:54:17 GMT

GET
H3 200 googleapis.proxy.js Show response
apis.google.com/js/ Frame 9FF6 15 KB
6 KB 125ms
124ms Script
text/javascript 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/googleapis.proxy.js?onload=startup

Requested by

Host: scone-pa.clients6.google.com
URL: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.iw.8XAm2aX0MxQ.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

sffe /

Resource Hash

c8d0f8f90cfd7f8f6355fd98ad780553247dfb35a54d944517d9b8b40b9da20c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://scone-pa.clients6.google.com/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 27 Jun 2024 03:54:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "6523cec413a84f02"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 03:54:17 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.iw.8XAm2aX0MxQ.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ/ Frame 9FF6 81 KB
28 KB 126ms
125ms Script
text/javascript 142.250.185.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.iw.8XAm2aX0MxQ.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f14.1e100.net

Software

sffe /

Resource Hash

fb291ac84525f2c38f4d63dbc29998bf5cbb450caaeab7606c776d87db196555

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://scone-pa.clients6.google.com/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 22:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105797
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29036
x-xss-protection: 0
last-modified: Thu, 06 Jun 2024 15:21:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Jun 2025 22:31:00 GMT

GET
H2 200 collect
www.google-analytics.com/internal/ 35 B
194 B 128ms
127ms Image
image/gif 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/internal/collect?v=1&_v=j101&aip=1&a=56592254&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcloud.google.com%2Fvirtual%2Fexperiment%2Fboq_experiment&ul=he-il&de=UTF-8&dt=activeExperiments%3D%5B48610513%5C%2C97608130%5C%2C97517170%5C%2C93880156%5C%2C1714257%5C%2C48830069%5C%2C93778619%5C%2C48554497%5C%2C48887080%5C%2C97608950%5C%2C97442197%5C%2C97535270%5C%2C93874002%5C%2C48509040%5C%2C1706538%5C%2C48897392%5C%2C48489826%5C%2C97605796%5C%2C97517154%5C%2C93880140%5C%2C48887064%5C%2C97442181%5C%2C93873986%5C%2C48509038%5D%2CexpId%3Dboq_experiment%2CexpVar%3D&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=configureExperiment&ea=boq_experiment&el=boq_experiment-&xid=boq_experiment&_u=QEBAAEABCAAAAAgDY~&cid=921390786.1719460457&tid=UA-36037335-1&gtm=45He46q0n81M8NRS5Jv897536842za200zb6343254&cd1=&cd2=en&cd4=IL&cd8=boq_experiment-&cd14=GTM-M8NRS5J%3A76&cd15=%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations%2F&cd16=False&cd17=False&cd22=Maybe&cd32=(not%20set)&cd34=(not%20set)&cd37=IL&cd42=cloudTrack&cd49=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&cd64=blog_boq&gcs=G111&gcd=13r3r3l3l5&dma=0&tag_exp=0&z=271282161

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 26 Jun 2024 22:14:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/internal/ 35 B
91 B 139ms
129ms Image
image/gif 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/internal/collect?v=1&_v=j101&aip=1&a=56592254&t=pageview&_s=1&dl=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&dp=%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&ul=he-il&de=UTF-8&dt=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QGDACEABDAAAAAgDY~&cid=921390786.1719460457&tid=UA-36037335-1&gtm=45He46q0n81M8NRS5Jv897536842za200zb6343254&cd1=&cd2=en&cd4=IL&cd14=GTM-M8NRS5J%3A76&cd15=%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations%2F&cd16=False&cd17=False&cd22=Maybe&cd32=(not%20set)&cd34=(not%20set)&cd37=IL&cd42=cloudTrack&cd49=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&cd60=1600&cd61=28901&cd64=blog_boq&gcs=G111&gcd=13r3r3l3l5&dma=0&tag_exp=0&cd38=Mandiant&cd39=Threat%20Intelligence&cd47=2024-06-19%2000%3A06%3A00&cd48=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations&cd57=2024-06-18%2023%3A06%3A00&cd58=&z=1565618555

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 26 Jun 2024 22:14:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/internal/ 35 B
91 B 139ms
130ms Image
image/gif 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/internal/collect?v=1&_v=j101&aip=1&a=56592254&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&ul=he-il&de=UTF-8&dt=activeExperiments%3D%5B48610513%5C%2C97608130%5C%2C97517170%5C%2C93880156%5C%2C1714257%5C%2C48830069%5C%2C93778619%5C%2C48554497%5C%2C48887080%5C%2C97608950%5C%2C97442197%5C%2C97535270%5C%2C93874002%5C%2C48509040%5C%2C1706538%5C%2C48897392%5C%2C48489826%5C%2C97605796%5C%2C97517154%5C%2C93880140%5C%2C48887064%5C%2C97442181%5C%2C93873986%5C%2C48509038%5D%2CexpId%3Dcw_ping_experiment%2CexpVar%3D&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=configureExperiment&ea=cw_ping_experiment&el=cw_ping_experiment-&xid=cw_ping_experiment&_u=QGDACEABDAAAAAgDYAC~&cid=921390786.1719460457&tid=UA-36037335-1&gtm=45He46q0n81M8NRS5Jv897536842za200zb6343254&cd1=&cd2=en&cd4=IL&cd8=cw_ping_experiment-&cd14=GTM-M8NRS5J%3A76&cd15=%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations%2F&cd16=False&cd17=False&cd22=Maybe&cd32=(not%20set)&cd34=(not%20set)&cd42=cloudTrack&cd49=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&cd60=1600&cd61=28901&cd64=blog_boq&gcs=G111&gcd=13r3r3l3l5&dma=0&tag_exp=0&z=596179232

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 26 Jun 2024 22:14:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 trigger_anonymous Show response
scone-pa.clients6.google.com/v1/survey/trigger/ Frame 9FF6 33 B
218 B 263ms
261ms XHR
application/json+protobuf 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scone-pa.clients6.google.com/v1/survey/trigger/trigger_anonymous?key=AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.iw.8XAm2aX0MxQ.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

eb73ed3f9cc729604c26b3932945af24bc1eef53595aacb062afa1425e18ef2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Goog-Encode-Response-If-Executable: base64
X-Origin: https://cloud.google.com
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-platform-version: "10.0.0"
X-Goog-Api-Key: AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg
X-Requested-With: XMLHttpRequest
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"
X-ClientDetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json+protobuf
sec-ch-ua-full-version: "126.0.6478.126"
Referer: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.iw.8XAm2aX0MxQ.O%2Fam%3DAAAQ%2Fd%3D1%2Frs%3DAHpOoo9M1pt2BBqzY7tBnVvVATSmXQ0fqQ%2Fm%3D__features__
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Referer: https://cloud.google.com

Response headers

strict-transport-security: max-age=10886400; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 27 Jun 2024 03:54:17 GMT
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 331ms
118ms Fetch
text/plain 216.239.36.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&_ng=1&gtm=45je46q0v873759632z8897536842za200zb897536842&_p=1719460456074&_gaz=1&gcs=G111&gcd=13r3r3l3l5&npa=0&dma=0&tag_exp=0&cid=921390786.1719460457&ul=he-il&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fcloud.google-b197145817.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations%2F&sid=1719460457&sct=1&seg=0&dt=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&en=active_experiments&_fv=1&_ss=1&ep.is_queued=false&epn.event_number=0&epn.queue_batch_number=0&epn.queue_batch_hit_number=0&ep.country=IL&ep.is_internal_user=false&ep.language_served=en&ep.is_signed_in=false&ep.non_interaction=true&ep.active_experiments=48610513%2C97608130%2C97517170%2C93880156%2C1714257%2C48830069%2C93778619%2C48554497%2C48887080%2C97608950%2C97442197%2C97535270%2C93874002%2C48509040%2C1706538%2C48897392%2C48489826%2C97605796%2C97517154%2C93880140%2C48887064%2C97442181%2C93873986%2C48509038&ep.has_cj_refparam=false&ep.is_eea=false&tfd=3350&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.36.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cloud.google.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 355ms
116ms Ping
text/plain 74.125.71.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-WH2QY8WWF5&cid=921390786.1719460457&gtm=45je46q0v873759632z8897536842za200zb897536842&aip=1&dma=0&gcs=G111&gcd=13r3r3l3l5&npa=0&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WH2QY8WWF5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.71.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wn-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cloud.google.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

204

https://analytics.google.com/g/collect?v=2&tid=G-WH2QY8WWF5&_ng=1&gtm=45je46q0v873759632z8897536842za200zb897536842&_p=1719460456074&gcs=G111&gcd=13r3r3l3l5&npa=0&dma=0&tag_exp=0&cid=921390786.1719...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=921390786.1719460457&dbk=7875973087811684462&dma=0&en=page_view&gcs=G111&gtm=45je46q0v873759632z8897536842za200zb897536...

0
0

160ms
160ms

Fetch
text/plain

142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=921390786.1719460457&dbk=7875973087811684462&dma=0&en=page_view&gcs=G111&gtm=45je46q0v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F
Requested by: Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Protocol: H3
Server: 142.250.186.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=921390786.1719460457&dbk=7875973087811684462&dma=0&en=page_view&gcs=G111&gtm=45je46q0v873759632z8897536842za200zb897536842&npa=0&tid=G-WH2QY8WWF5&dl=https%3A%2F%2Fcloud.google-b197145817.com%3F
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 504
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.il/ads/ 42 B
409 B 379ms
126ms Image
image/gif 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-WH2QY8WWF5&cid=921390786.1719460457&gtm=45je46q0v873759632z8897536842za200zb897536842&aip=1&dma=0&gcs=G111&gcd=13r3r3l3l5&npa=0&frm=0&z=453828874

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=*;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=652882424;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=*;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

357ms
157ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=*;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CMiEsq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=*;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=*;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=262472125;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=*;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

395ms
158ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=*;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CI79r67x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=*;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=*;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=844516235;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=*;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

264ms
163ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=*;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CKeUua7x-oYDFQcQogMdO0MDog;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=*;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=*;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=750811216;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=*;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

231ms
157ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=*;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPjFuq7x-oYDFT4WogMdNJoAlQ;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=*;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=*;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126....
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0....
https://ad.doubleclick.net/activity;dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2080127778;uaa=x86;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=*;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%...

42 B
63 B

234ms
163ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=*;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CIbguq7x-oYDFS4JogMdyYcIng;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=*;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=*;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=661182827;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=*;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

238ms
164ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=*;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CMrfuq7x-oYDFScLogMds48N5g;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=*;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=*;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=601067942;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=*;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

236ms
162ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=*;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CP7huq7x-oYDFdgXogMdfscAtw;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=*;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=*;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126....
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0....
https://ad.doubleclick.net/activity;dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=1520988579;uaa=x86;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=*;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%...

42 B
63 B

235ms
162ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=*;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPvhuq7x-oYDFdkOogMdWqEMoQ;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=*;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=*;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=828960077;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=*;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

232ms
161ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=*;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CN_huq7x-oYDFWAcogMd01sgVQ;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=*;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=*;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126....
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0....
https://ad.doubleclick.net/activity;dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2012747439;uaa=x86;u...
https://adservice.google.com/ddm/fls/z/dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=*;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%...

42 B
63 B

355ms
300ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=*;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CMyhu67x-oYDFdUYogMdZ04MHA;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=*;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=*;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=947874820;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=*;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

212ms
164ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=*;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CPDevK7x-oYDFVgOogMd5GcFwg;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=*;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H3

200

dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=*;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.12...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=422427630.1719460457;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChr...
https://ad.doubleclick.net/activity;dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=422427630.1719460457;ps=1;pcor=1475454419;uaa=x86;uab=64;uaf...
https://adservice.google.com/ddm/fls/z/dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=*;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Bra...

42 B
63 B

347ms
308ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=*;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CILhvK7x-oYDFQcQogMdO0MDog;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=*;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activity;register_conversion=1;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=422427630.1719460457;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium...
ad.doubleclick.net/ 0
23 B 217ms
214ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=2507573;type=cloud;cat=enter006;ord=2703335117413;npa=0;auiddc=422427630.1719460457;ps=1;pcor=1475454419;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0v9181638614z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 03:54:18 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"286137379035511862"}],"aggregatable_trigger_data":[{"filters":[{"14":["6459966"]}],"key_piece":"0xfe9eba4d4717d125","source_keys":["12","13","14","15","16","17","18","19","20","21","628469716","628469717","628469718","628469719","628808432","628808433","628808434","628808435","628819688","628819689","628819690","628819691","628837988","628837989","628837990","628837991","628857600","628857601","628857602","628857603","628858696","628858697","628858698","628858699","634941572","634941573","634941574","634941575","634947900","634947901","634947902","634947903"]},{"key_piece":"0xb4653b6ced6ebf56","not_filters":{"14":["6459966"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628469716","628469717","628469718","628469719","628808432","628808433","628808434","628808435","628819688","628819689","628819690","628819691","628837988","628837989","628837990","628837991","628857600","628857601","628857602","628857603","628858696","628858697","628858698","628858699","634941572","634941573","634941574","634941575","634947900","634947901","634947902","634947903"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628469716":32,"628469717":32,"628469718":32,"628469719":3177,"628808432":32,"628808433":32,"628808434":32,"628808435":3177,"628819688":34,"628819689":34,"628819690":34,"628819691":3345,"628837988":32,"628837989":32,"628837990":32,"628837991":3177,"628857600":32,"628857601":32,"628857602":32,"628857603":3177,"628858696":32,"628858697":32,"628858698":32,"628858699":3177,"634941572":34,"634941573":34,"634941574":34,"634941575":3345,"634947900":40,"634947901":40,"634947902":40,"634947903":3973},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"16991752011424356279","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"286137379035511862","filters":[{"14":["6459966"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"286137379035511862","filters":[{"14":["6459966"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"286137379035511862","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"286137379035511862","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["2507573"]}}
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
attribution-reporting-info: preferred-platform=os
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/16541431319/ 4 KB
2 KB 129ms
128ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16541431319/?random=1719460457732&cv=11&fst=1719460457732&bg=ffffff&guid=ON&async=1&gtm=45be46q0v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-16541431319&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

f82dad35150c824fe610e961363268a383b1ca682eb92296ecc2dd2a248075a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1534
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11082232239/ 4 KB
2 KB 129ms
129ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11082232239/?random=1719460457761&cv=11&fst=1719460457761&bg=ffffff&guid=ON&async=1&gtm=45be46q0v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-11082232239&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

0f9d76dd118a4adb52279cae3df26faabea4142881870be392706b992abd48a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1531
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10836211492/ 4 KB
2 KB 128ms
128ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10836211492/?random=1719460457793&cv=11&fst=1719460457793&bg=ffffff&guid=ON&async=1&gtm=45be46q0v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10836211492&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

8e9fe35356961080042f3eed93151989ed9d7f75466d0f6833331cd6e81e03ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1533
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/16541431319/ 42 B
64 B 133ms
132ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/16541431319/?random=1719460457732&cv=11&fst=1719457200000&bg=ffffff&guid=ON&async=1&gtm=45be46q0v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLQ3ofXylnEGwL6_TWdSOspUU6ktt-IsfTWAgyy3zpHO9pwN6g&random=2416910307&rmt_tld=0&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/16541431319/ 42 B
155 B 126ms
125ms Image
image/gif 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/16541431319/?random=1719460457732&cv=11&fst=1719457200000&bg=ffffff&guid=ON&async=1&gtm=45be46q0v9183668572z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLQ3ofXylnEGwL6_TWdSOspUU6ktt-IsfTWAgyy3zpHO9pwN6g&random=2416910307&rmt_tld=1&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/11082232239/ 42 B
64 B 132ms
132ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11082232239/?random=1719460457761&cv=11&fst=1719457200000&bg=ffffff&guid=ON&async=1&gtm=45be46q0v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLDIzPCCsBCE5EBCIPLLz-Js_zJEMaAEsyYyHmOczZ6da86erO&random=1662040717&rmt_tld=0&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/11082232239/ 42 B
109 B 127ms
126ms Image
image/gif 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/11082232239/?random=1719460457761&cv=11&fst=1719457200000&bg=ffffff&guid=ON&async=1&gtm=45be46q0v9101670439z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLDIzPCCsBCE5EBCIPLLz-Js_zJEMaAEsyYyHmOczZ6da86erO&random=1662040717&rmt_tld=1&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10836211492/ 42 B
64 B 133ms
132ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10836211492/?random=1719460457793&cv=11&fst=1719457200000&bg=ffffff&guid=ON&async=1&gtm=45be46q0v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLB8E1hn1zxeE9LNtmmhR8N96_cmuXQgPt0_958lTRQ_y4C1K5&random=2743872347&rmt_tld=0&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/10836211492/ 42 B
109 B 128ms
127ms Image
image/gif 142.250.185.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/10836211492/?random=1719460457793&cv=11&fst=1719457200000&bg=ffffff&guid=ON&async=1&gtm=45be46q0v875695591z89175119176za201zb9175119176&gcd=13r3r3l3l5&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Funcovering-unc3886-espionage-operations&hn=www.googleadservices.com&frm=0&tiba=Cloaked%20and%20Covert%3A%20Uncovering%20UNC3886%20Espionage%20Operations%20%7C%20Google%20Cloud%20Blog&npa=0&pscdl=noapi&auid=422427630.1719460457&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDaQooLB8E1hn1zxeE9LNtmmhR8N96_cmuXQgPt0_958lTRQ_y4C1K5&random=2743872347&rmt_tld=1&ipr=y

Requested by

Host: cloud.google.com
URL: https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 log Show response
cloud.google.com/ 131 B
155 B 151ms
150ms Fetch
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-platform-version: "10.0.0"
X-Goog-AuthUser: 0
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-full-version: "126.0.6478.126"
Referer: https://cloud.google.com/

Response headers

date: Thu, 27 Jun 2024 03:54:18 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cloud.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 27 Jun 2024 03:54:18 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,... 3 KB
2 KB 117ms
116ms Script
text/javascript 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.pfgjMlvOsPE.es5.O/ck=boq-cloudx-web-blog.TransformBlogUi.K0oUqHoWNNk.L.B1.O/am=MAx0Fg/d=1/exm=A7fCU,BBI74,BVgquf,CHCSlb,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NsSboe,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,Pkx8hb,PrPYRd,QIhFr,RMhBfe,RqjULd,SCGBie,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,YSybTb,Yq43cc,Z3rB,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,bm51tf,byfTOb,e5qFLc,fKUV3e,fmklff,gychg,hc6Ubd,kWgXee,kxO7ab,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,mzzZzc,n73qwf,o60eef,oTg6l,ovKuLd,pjICDe,pw70Gc,rJ9tU,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,articleview/ed=1/wt=2/ujg=1/rs=AHrnUqU0-CYl7a-bs6NMzxlohIscTdccAw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

88ba2aee10c5471d46a126a6297b5e46126a405a63b2ceb93720d9f7e976c378

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/cloudx-web-blog-boq-js-css-signers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Jun 2024 05:16:37 GMT
age: 81461
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1691
x-xss-protection: 0
last-modified: Fri, 21 Jun 2024 08:16:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/cloudx-web-blog-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/cloudx-web-blog-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/cloudx-web-blog-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jun 2025 05:16:37 GMT

GET
H3

200

dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=*;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0...
https://ad.doubleclick.net/activity;dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=398430512;uaa=x86;ua...
https://adservice.google.com/ddm/fls/z/dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=*;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%2...

42 B
63 B

154ms
153ms

Image
image/gif

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=*;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://cloud.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 27 Jun 2024 03:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/dc_pre=CJOn5q7x-oYDFaYOogMdfiUCWw;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=*;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7C...
ad.doubleclick.net/ 0
0

GET
H2 200 favicon.ico
ssl.gstatic.com/cloud/images/icons/ 5 KB
1 KB 374ms
117ms Other
image/x-icon 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/cloud/images/icons/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://cloud.google.com/
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 09:05:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 154123
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1046
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 04:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/x-icon
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 25 Jun 2025 09:05:36 GMT

POST
H3 200 browserinfo Show response
cloud.google.com/blog/_/TransformBlogUi/ 92 B
135 B 196ms
196ms XHR
application/json 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.google.com/blog/_/TransformBlogUi/browserinfo?f.sid=-3922873728506224286&bl=boq_cloudx-web-blog-uiserver_20240624.08_p1&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=24859&rt=j

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

a7c82df17587cdf294b28cb757eb6b970495ded51b0d5c2ab38897ec3b2279ee

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-Same-Domain: 1
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-arch: "x86"
sec-ch-ua-form-factors
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.126", "Google Chrome";v="126.0.6478.126"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Win32"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
sec-ch-ua-full-version: "126.0.6478.126"
Referer: https://cloud.google.com/

Response headers

date: Thu, 27 Jun 2024 03:54:18 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
content-encoding: gzip
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9800845551956;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=652882424;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9377687470658;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=262472125;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=9384061172804;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=844516235;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4335810641947;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=750811216;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=5532673482077;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2080127778;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=8241444234422;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=661182827;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6868293545836;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=601067942;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=3248056469439;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=1520988579;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6088562537248;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=828960077;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=1451788862807;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=2012747439;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=6100773588766;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=947874820;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=7546819;type=googl003;cat=googl002;ord=4619967920972;npa=0;auiddc=422427630.1719460457;u6=IL;ps=1;pcor=398430512;uaa=x86;uab=64;uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe46q0z89175119176za201zb9175119176;gcs=G111;gcd=13r3r3l3l5;dma=0;tag_exp=0;epver=2?

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cloud.google.com/	1970-01-21 01:56:52	Name: __utmz Value: 1.utmcsr=(direct)\|utmcmd=(none)\|utmccn=(direct)
.cloud.google.com/	1970-01-21 07:13:40	Name: _ga Value: GA1.1.921390786.1719460457
.cloud.google.com/	1970-01-21 07:13:40	Name: _ga_WH2QY8WWF5 Value: GS1.1.1719460457.1.1.1719460457.60.0.0
.cloud.google.com/	1970-01-20 23:47:16	Name: _gcl_au Value: 1.1.422427630.1719460457
.doubleclick.net/	1970-01-21 07:13:40	Name: IDE Value: AHWqTUlIn15BGcOToD4Vud5vhc8YY9JHgu90rF6gAaWCmDs0_DeeIZflEQN21dUp
.doubleclick.net/	1970-01-21 01:56:52	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-20 22:20:52	Name: ar_debug Value: 1
.google.com/	1970-01-21 02:01:11	Name: NID Value: 515=p1rDYLpI8K_Y-fr1SqGjjK_LQpWJ94Fe7nUlu9erJWCpoH84fTE5wgaT3jqezi7Ryh8rDTyZ6le9m2yFBfhGeuE3L4jXxqKfH-LWhb4NHPmJEk09Aqvh9IF_OMQAnPPgH1CIBR6UW2PMYnc2Ipp5gVS-pqsMkL9X9DYrM6xGc4M
cloud.google.com/	1970-01-20 22:20:52	Name: OTZ Value: 7619274_44_48_120960_44_365700

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7_tPbcUfNgiCTP_4RNBZ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /blog/_/TransformBlogUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/;report-uri /blog/_/TransformBlogUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /blog/_/TransformBlogUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
analytics.google.com
apis.google.com
cloud.google.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
scone-pa.clients6.google.com
ssl.gstatic.com
stats.g.doubleclick.net
storage.googleapis.com
www.google-analytics.com
www.google.co.il
www.google.com
www.googletagmanager.com
www.gstatic.com
ad.doubleclick.net
142.250.181.227
142.250.184.195
142.250.184.228
142.250.185.110
142.250.185.162
142.250.185.195
142.250.185.72
142.250.185.78
142.250.185.99
142.250.186.110
142.250.186.70
142.250.186.74
216.239.36.181
216.58.206.42
216.58.206.59
216.58.212.162
74.125.71.156
05c4ae711321b40111d466573d0e3f21539a01399be7ce2eb3b527bd3ec25bcb
0f9d76dd118a4adb52279cae3df26faabea4142881870be392706b992abd48a7
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0
32767a8443a208b09f5832a13b2a26e0d30c7d9e915baef7e507555990bca9c2
3f4547cbf4dc86783668c3ec03f03cfae34eaa23366fdb5392b225735ad5f9ba
483f202789ed694c70f16e9ca008533be41fc8f9ddc44d832f5818cef0ac85f2
4bb9d2474af5c359099ddd57adbb13af5207df140c95ada532a3766647bb4978
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5551c295af3167fc0c7c014fb8f21f93056760937e508b1e4d2cf37bc45eebb0
5afc979307c738ea941000f362874af7096196a9e6f70a850b73dcc6341f4c16
5f8e85ad05f888bc475b93312fc8c80af8193347af3042ac7027903be6b319da
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6b725f0a72dbaa6aeeb0f262d1cf5afa1fb05c8e1ca4512c6ac0c8e4b20fa59a
6c9c382bb1800105efcf55b9002ec41d3ee31d1a34b7f32433f1670bc14c1859
70627f4a2f3aedad835bf6da95f3a98514c8f15d83b50888b290fdaf96c3043d
715d29345210173d6f01430863e23ca08ffa68fd2b47fc387603a669a667862a
8300ba70904617a47a80e9098fe00b3f7aefd328519318c420289b0bbdfb5e2c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83644f67e59644e43061fa7f5040a79980e69179e8aa30f00a24b40a584673b7
87544d208368586afb32889de68803c6347f9b2131ae55b5b963f0248d716b22
88ba2aee10c5471d46a126a6297b5e46126a405a63b2ceb93720d9f7e976c378
8e9fe35356961080042f3eed93151989ed9d7f75466d0f6833331cd6e81e03ef
933383d6ea4ba16f639358e67257905c0d28788a8dec5e25a2856ea1814d827a
988a11bf17c78d42439ca23c9c1c0a131c01c3faf105399139fba923f4c6210f
9da9a2f80bc4b8ae284fde2472d43ebcde72e9fdf8cd53c25d04847ded0c3621
a0a1f98fca203b8561519a06bacfdc50e4b3c4a5a71e740da5b0875bd4fc00d6
a7c82df17587cdf294b28cb757eb6b970495ded51b0d5c2ab38897ec3b2279ee
ac6d7e38683ac10c1ba7b2aa68b940f020a583b63cd7e869cb8e87af9ad12361
b3a8c82132300731d19be39214dded159c5e3e8715e956adb88d8b317c455495
b61a964df7112d25a56d4afce1e0db78304cc3d148087daa96185f6a93a87164
c64d4e621adbcc54a58cad839ff4223818b1fd3f234d16e4ae0599bafb0a616e
c8d0f8f90cfd7f8f6355fd98ad780553247dfb35a54d944517d9b8b40b9da20c
d072452519cf4773733cf78cfc17c48c7c6227f7e79e372f41bff75976b5640e
d1ad5d73ed0a9340420a1fc2e3457d6ae41c00281a541bdbcd1656c56da7c1b4
e0f76ae40db7f1d269422a351f8ccf48b5dc09141522500cb636a01167f4985c
e1673c8fffd3fe16ab442ce4fb8fdec0481235c76bbee8ad6063c254453a4466
e301cc90d132832ecb405a41ecd7b0be5dab12c496fe6bf3710d2e771190257a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb5fae4b7c9ee35d9b880576769d4e9bbe6f8798ac0fd771e59b02ca630d1cc0
eb73ed3f9cc729604c26b3932945af24bc1eef53595aacb062afa1425e18ef2b
ebc186db35ca33bfd75eb1b9bc01c8502f07d90a08e17aa280296043b10e28a7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f36242b1ab1ac1316640455b84d157e26487bfbb2b847c6dd4107d6ca071617f
f82dad35150c824fe610e961363268a383b1ca682eb92296ecc2dd2a248075a3
f8e30cd9f031cc7e3d1e102179c8aa0b64e11659564659c5538ca975b0e90bfa
fb291ac84525f2c38f4d63dbc29998bf5cbb450caaeab7606c776d87db196555

cloud.google.com Open in urlscan Pro 142.250.185.78 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

82 Requests

67 %HTTPS

0 %IPv6

7 Domains

17 Subdomains

18 IPs

1 Countries

1821 kBTransfer

6337 kBSize

9 Cookies

29 Outgoing links

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

cloud.google.com Open in urlscan Pro
142.250.185.78 Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

67 %
HTTPS

0 %
IPv6

7
Domains

17
Subdomains

18
IPs

1
Countries

1821 kB
Transfer

6337 kB
Size

9
Cookies

82 HTTP transactions
1 data transactions