Executive Summary
17 / 100
LOW EXPOSURE
- SSL Issues: 2/20
- Missing Headers: 11/20
- DNS Issues: 3/15
- Admin Exposure: 0/15
Scope & Methodology
Assessment method: passive, non-destructive reconnaissance only. No brute force, payload injection, or exploitation techniques were used.
- DNS, certificate transparency, archive intelligence, and metadata inspection
- Homepage-depth surface extraction and header posture review
- Historical URL triage and weighted exposure scoring
Subdomains
DNS Analysis
Records
| Type | Values |
|---|---|
| A | 142.251.222.206 |
| AAAA | 2404:6800:4007:833::200e |
| MX | 10 smtp.google.com. |
| NS | ns4.google.com., ns2.google.com., ns3.google.com., ns1.google.com. |
| TXT | |
| CNAME | |
Flags
- MEDIUM SPF record missing or malformed.
- LOW No DKIM hints discovered in queried TXT records.
SSL/TLS
Issuer: CN=WR2,O=Google Trust Services,C=US
Expiry: 2026-05-18T18:19:43+00:00 (59 days)
TLS Version: TLSv1.3
Wildcard: Yes
Risk Flags
- MEDIUM SAN entries reveal internal/dev naming conventions.
Technology Stack
gws
Security Headers
| Header | Value |
|---|---|
| content-security-policy-report-only | object-src 'none';base-uri 'self';script-src 'nonce-0QXxUpOZgilLaGYS3tvoKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp |
| x-xss-protection | 0 |
| x-frame-options | SAMEORIGIN |
Findings
- HIGH Content-Security-Policy header is missing
- HIGH Strict-Transport-Security header is missing
- LOW x-content-type-options header is missing
- LOW referrer-policy header is missing
- LOW permissions-policy header is missing
Attack Surface Map
Internal links: 8 | External links: 1
Forms: 1 | Scripts: 1
API-like routes: None detected
Admin paths: None detected
Wayback Findings
| Historical URL | Risk |
|---|---|
Risk Summary
| ID | Category | Risk | Finding | Impact |
|---|---|---|---|---|
| SSL-SAN-001 | SSL/TLS | MEDIUM | SAN entries reveal internal/dev naming conventions. | 5 |
| HDR-001 | Security Headers | HIGH | Content-Security-Policy header is missing | 8 |
| HDR-003 | Security Headers | HIGH | Strict-Transport-Security header is missing | 8 |
| HDR-102 | Security Headers | LOW | x-content-type-options header is missing | 2 |
| HDR-103 | Security Headers | LOW | referrer-policy header is missing | 2 |
| HDR-104 | Security Headers | LOW | permissions-policy header is missing | 2 |
| DNS-SPF-001 | DNS | MEDIUM | SPF record missing or malformed. | 5 |
| DNS-DKIM-001 | DNS | LOW | No DKIM hints discovered in queried TXT records. | 2 |
Recommendations
- SSL-SAN-001 — Avoid exposing non-production hostnames in public certificates.
- HDR-001 — Implement a strict CSP policy tailored to required assets.
- HDR-003 — Enable HSTS with an adequate max-age.
- HDR-102 — Set a secure default for x-content-type-options.
- HDR-103 — Set a secure default for referrer-policy.
- HDR-104 — Set a secure default for permissions-policy.
- DNS-SPF-001 — Publish a valid SPF record to reduce spoofing risks.
- DNS-DKIM-001 — Ensure DKIM selectors are configured for active mail domains.
Appendix
Raw Subdomains: 244
Raw DNS A Records: 142.251.222.206
Historical Subdomains:
Non-Security Headers
| Header | Value |
|---|---|
| date | Fri, 20 Mar 2026 05:48:55 GMT |
| expires | -1 |
| cache-control | private, max-age=0 |
| content-type | text/html; charset=ISO-8859-1 |
| reporting-endpoints | default="//www.google.com/httpservice/retry/jserror?ei=x9-8ad77LIf2seMP8-yxuQI&cad=crash&error=Page%20Crash&jsel=1&bver=2405&dpf=IyEo2Kat1ZmqnVAO15MkhmK9ZswHwWUDSK_1H6OL7uA" |
| accept-ch | Sec-CH-Prefers-Color-Scheme |
| p3p | CP="This is not a P3P policy! See g.co/p3phelp for more info." |
| content-encoding | gzip |
| server | gws |
| set-cookie | __Secure-BUCKET=CLkF; expires=Wed, 16-Sep-2026 05:48:55 GMT; path=/; domain=.google.com; Secure; HttpOnly |
| alt-svc | h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 |
| transfer-encoding | chunked |