morphuslabs.com Open in urlscan Pro
52.0.16.118 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Effective URL:
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a206...
Submission: On May 07 via api (May 7th 2021, 5:43:17 pm UTC) from US

Summary HTTP 118 Redirects Links 51 Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 118 HTTP transactions. The main IP is 52.0.16.118, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is morphuslabs.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 18th 2021. Valid for: a year.

This is the only time morphuslabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	52.0.16.118 52.0.16.118	14618 (AMAZON-AES) (AMAZON-AES)
1 14	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
71	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.101.50 143.204.101.50	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	65.9.73.67 65.9.73.67	16509 (AMAZON-02) (AMAZON-02)
2	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:210... 2600:9000:2104:6000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:e2:... 2606:4700:e2::ac40:8b24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:210... 2600:9000:2104:c200:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.200.208.53 52.200.208.53	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b901:69e5:7deb:1a84:7339	14618 (AMAZON-AES) (AMAZON-AES)
118	13

9 52.0.16.118 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-16-118.compute-1.amazonaws.com

morphuslabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a0::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-50.fra50.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.73.67 (United States)

ASN16509 (AMAZON-02, US)

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:6000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:e2::ac40:8b24 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2104:c200:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.200.208.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-208-53.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:69e5:7deb:1a84:7339 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
85	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	3 MB
10	medium.systems lightstep.medium.systems	2 KB
9	morphuslabs.com 1 redirects morphuslabs.com	47 KB
5	branch.io cdn.branch.io api2.branch.io	26 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	97 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
2	parsely.com p1.parsely.com	514 B
2	google-analytics.com www.google-analytics.com	20 KB
1	app.link app.link	564 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	19 KB
118	10

	Domain	Requested by
35	cdn-client.medium.com	morphuslabs.com cdn-client.medium.com
35	miro.medium.com	morphuslabs.com
14	glyph.medium.com	morphuslabs.com glyph.medium.com
10	lightstep.medium.systems	cdn-client.medium.com
9	morphuslabs.com	1 redirects cdn-client.medium.com
4	api2.branch.io	cdn.branch.io
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
2	errors.client.optimizely.com	cdn.optimizely.com
2	p1.parsely.com	morphuslabs.com
2	www.google-analytics.com	morphuslabs.com www.google-analytics.com
1	app.link	cdn.branch.io
1	cdn.branch.io	morphuslabs.com
1	d1z2jf7jlzjs58.cloudfront.net	cdn-client.medium.com
1	cdn.optimizely.com	morphuslabs.com
1	medium.com	1 redirects
118	15

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
www.morphus.com.br
policy.medium.com
decoded.avast.io
ericzimmerman.github.io
attack.mitre.org
detect-respond.blogspot.com
markellisreviews.medium.com
carenawhite.medium.com
ryanfan.medium.com
pdu147-98382.medium.com
towardsdatascience.com
about.medium.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
morphuslabs.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-18` - `2022-03-18`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-05-06` - `2021-08-03`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
*.parsely.com R3	`2021-03-22` - `2021-06-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
appipv4.link Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
errors.client.optimizely.com Amazon	`2020-09-02` - `2021-10-02`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
Frame ID: CDA2FE2D1E167B38F6921059DD7B397F
Requests: 111 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998... HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malwar... HTTP 302
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /optimizely\.com.*\.js/i

Page Statistics

118
Requests

100 %
HTTPS

62 %
IPv6

10
Domains

15
Subdomains

13
IPs

2
Countries

2819 kB
Transfer

4883 kB
Size

10
Cookies

51 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----998159e8a8a9--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_page-----998159e8a8a9---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F998159e8a8a9&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar&source=post_page-----998159e8a8a9--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_page-----998159e8a8a9---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: http://www.morphus.com.br/?source=post_page-----998159e8a8a9--------------------------------
Title: Sobre a Morphus

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----998159e8a8a9--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=responses-----998159e8a8a9---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/@rmarinho?source=post_page-----998159e8a8a9--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fa3844a6384ee&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_page-a3844a6384ee----998159e8a8a9---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/
Title: 1

Search URL Search Domain Scan URL

URL: https://ericzimmerman.github.io/#!index.md
Title: 2

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1073/
Title: 3

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1093/
Title: 4

Search URL Search Domain Scan URL

URL: http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Title: 5

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fmorphuslabs%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_sidebar--------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fmorphuslabs%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_sidebar-----998159e8a8a9---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_sidebar-----998159e8a8a9---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fmorphuslabs%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_actions_footer-----998159e8a8a9---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@rmarinho?source=follow_footer-------------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fa3844a6384ee%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=follow_footer-a3844a6384ee-------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fmorphuslabs%2F998159e8a8a9&operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=follow_footer--------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/@rmarinho?source=post_internal_links---------0----------------------------
Title: Renato Marinho

Search URL Search Domain Scan URL

URL: https://medium.com/@rmarinho?source=post_internal_links---------1----------------------------
Title: Renato Marinho

Search URL Search Domain Scan URL

URL: https://medium.com/macoclock/ive-switched-to-do-apps-and-it-s-the-best-thing-i-ve-done-74d11e9086f5?source=post_internal_links---------2----------------------------
Title: I’ve Switched To-Do Apps… and It’s the Best Thing I’ve Done

Search URL Search Domain Scan URL

URL: https://markellisreviews.medium.com/?source=post_internal_links---------2----------------------------
Title: Mark Ellis

Search URL Search Domain Scan URL

URL: https://medium.com/macoclock?source=post_internal_links---------2----------------------------
Title: Mac O’Clock

Search URL Search Domain Scan URL

URL: https://medium.com/politically-speaking/trump-thinks-that-he-will-be-reinstated-in-the-white-house-5df1be33b00e?source=post_internal_links---------3----------------------------
Title: Trump Thinks That He Will Be Reinstated In The White House

Search URL Search Domain Scan URL

URL: https://carenawhite.medium.com/?source=post_internal_links---------3----------------------------
Title: Caren White

Search URL Search Domain Scan URL

URL: https://medium.com/politically-speaking?source=post_internal_links---------3----------------------------
Title: Politically Speaking

Search URL Search Domain Scan URL

URL: https://medium.com/insider/7-things-you-should-never-say-to-a-native-american-ec30c049d9a2?source=post_internal_links---------4----------------------------
Title: 7 things you should never say to a Native American

Search URL Search Domain Scan URL

URL: https://medium.com/@insiderinc?source=post_internal_links---------4----------------------------
Title: Insider

Search URL Search Domain Scan URL

URL: https://medium.com/insider?source=post_internal_links---------4----------------------------
Title: Insider

Search URL Search Domain Scan URL

URL: https://medium.com/crimebeat/the-man-henry-viii-boiled-to-death-275d22a69582?source=post_internal_links---------5----------------------------
Title: The Man Henry VIII Boiled to Death

Search URL Search Domain Scan URL

URL: https://ryanfan.medium.com/?source=post_internal_links---------5----------------------------
Title: Ryan Fan

Search URL Search Domain Scan URL

URL: https://medium.com/crimebeat?source=post_internal_links---------5----------------------------
Title: CrimeBeat

Search URL Search Domain Scan URL

URL: https://medium.com/health-fitness-travel/10-tips-to-shred-body-fat-7051bb638014?source=post_internal_links---------6----------------------------
Title: 10 Tips to Shred Body Fat

Search URL Search Domain Scan URL

URL: https://pdu147-98382.medium.com/?source=post_internal_links---------6----------------------------
Title: Patrick Duane

Search URL Search Domain Scan URL

URL: https://medium.com/health-fitness-travel?source=post_internal_links---------6----------------------------
Title: The Gist

Search URL Search Domain Scan URL

URL: https://towardsdatascience.com/3-visualizations-that-changed-my-life-554b7f83e473?source=post_internal_links---------7----------------------------
Title: 3 visualizations that changed my life

Search URL Search Domain Scan URL

URL: https://medium.com/@lukashurych?source=post_internal_links---------7----------------------------
Title: Lukas Hurych

Search URL Search Domain Scan URL

URL: https://towardsdatascience.com/?source=post_internal_links---------7----------------------------
Title: Towards Data Science

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----998159e8a8a9--------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----998159e8a8a9--------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=post_page-----998159e8a8a9--------------------------------
Title: Share your thinking.

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----998159e8a8a9--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----998159e8a8a9--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----998159e8a8a9--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----998159e8a8a9--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9 HTTP 302
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

118 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9 Show response
morphuslabs.com/
Redirect Chain

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

218 KB
45 KB

874ms
873ms

Document
text/html

52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c8bd158739cdd140f254aab1414e473319f03fa698b9ef2290f5864c7e68b043

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors medium.com

Request headers

:method: GET
:authority: morphuslabs.com
:scheme: https
:path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Fri, 07 May 2021 17:42:55 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors medium.com
etag: W/"36740-4WWf/Cg5JabBKzx2xcuKLc0Cu60"
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, lite/main-20210507-160349-5f82b83623, rito/main-20210507-155909-d4572125ac, tutu/main-20210507-011719-a7372163f9
medium-missing-time: 437
set-cookie: uid=lo_96508b973a78; Path=/; Expires=Sat, 07 May 2022 17:42:54 GMT; HttpOnly; Secure; SameSite=None sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; Path=/; Expires=Sat, 07 May 2022 17:42:54 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_96508b973a78; Path=/; Expires=Sat, 07 May 2022 17:42:54 GMT; Secure; SameSite=None
vary: Accept-Encoding
x-envoy-upstream-service-time: 733
x-request-received-at: 1620409374540

Redirect headers

date: Fri, 07 May 2021 17:42:54 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
set-cookie: __cfduid=dfe796a9d6a7be3cf2a9f28e19823510e1620409374; expires=Sun, 06-Jun-21 17:42:54 GMT; path=/; domain=.medium.com; HttpOnly; SameSite=Lax uid=lo_96508b973a78; Path=/; Domain=medium.com; Expires=Sat, 07 May 2022 17:42:54 GMT; HttpOnly; Secure sid=1:cMtISSgHhmYeH+y0L3R2vobRiSxMXU7aoomqG1zgJDGykA2hxzid8UvO208iwXJg; Path=/; Domain=medium.com; Expires=Sat, 07 May 2022 17:42:54 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_96508b973a78; Path=/; Domain=medium.com; Expires=Sat, 07 May 2022 17:42:54 GMT; Secure; SameSite=None __cfruid=d7d9d36a76c7fdeb2b256ff19fba0b27468f0d8f-1620409374; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
location: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
cf-ray: 64bc3f5c0e61dfc7-FRA
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
cf-request-id: 09e985ed870000dfc7372e8000000001
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/3, valencia/main-20210507-092505-443f529a86
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 155
x-frame-options: sameorigin
x-obvious-info: 20210507-1515-root,061a4d51
x-obvious-tid: 1620409374196:47c4f5e78554
x-opentracing: {"ot-tracer-spanid":"4c2fc44a0fb03895","ot-tracer-traceid":"328c8e068ead2204","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 42ms
40ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2497
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2470000dfc7f1109000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 64bc3f63ae91dfc7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 May 2021 19:42:55 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 338 KB
97 KB 26ms
7ms Script
text/javascript 2a02:26f0:6c00:2a0::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c673231e214aaad2f30eace7b4ce3aaf4476d8cfdebb1555132169864ec1ec17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: R7yhrdBu3cYjw0Lt8Ux.PkCugDSyeH5U
content-encoding: gzip
etag: "168dba4888f74a820b6e441ae0f3ac2b"
x-amz-request-id: BMXR7JMGGFFC4X2W
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 6417
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:2a0::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 98073
x-amz-id-2: EzjtQx6E7h4MjnG+jbE4X5+dy0XJZiw4ZT83Pi0WdhuNWEFqXECKVu8PWBeCJl83Ea6ETKSUytI=
last-modified: Thu, 06 May 2021 21:56:14 GMT
server: AmazonS3
date: Fri, 07 May 2021 17:42:55 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H3-29 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 66ms
57ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1930281
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f27c0000061c6097e000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f63fb03061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 34ms
25ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1930282
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f27c0000061c67b6e000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f63fb04061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 24 KB
25 KB 49ms
40ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1944659
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f27b0000061c2c1a7000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f63fb00061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 24ms
24ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3961015
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2a10000061c333d6000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f643b97061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/96/96/ 15 KB
15 KB 164ms
160ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b18f385c40f0447b76d62f8026eeb2c78325d5c2041ac051d2b978d25bc92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15452
cf-request-id: 09e985f2ae0000dfc75d970000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210422-105256-5b410a3e87
accept-ranges: bytes
cf-ray: 64bc3f644844dfc7-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H2 200 0*AfVsdz2TZBKfkmtC.png
miro.medium.com/max/60/ 2 KB
3 KB 166ms
162ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*AfVsdz2TZBKfkmtC.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e469b68ffc292560e6cb3ecc248c3433fc767cd1da76071575f66b43311529e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 58
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2555
cf-request-id: 09e985f2ac0000dfc74f398000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f64483adfc7-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H2 200 0*J2y62UJX9dZGcgmR.png
miro.medium.com/max/60/ 3 KB
3 KB 135ms
131ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*J2y62UJX9dZGcgmR.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22b22085d461bc9010931dbf9a3d86a769dd8c6bd17bbe62f666c69d7aebc5b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3287
cf-request-id: 09e985f2ad0000dfc7529ef000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f64483bdfc7-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H2 200 1*H7_S0j-ikigmgb_ZWxb1og.png
miro.medium.com/max/60/ 734 B
833 B 139ms
136ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*H7_S0j-ikigmgb_ZWxb1og.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83b3a7d19901dce2225b8169547dd978156fd24081c6ec04b85ddd1989d02bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 36
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 734
cf-request-id: 09e985f2b10000dfc7df09c000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f64483ddfc7-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H2 200 1*V7ZqTqzHH1QEX16qi2HW3Q.png
miro.medium.com/max/60/ 925 B
1 KB 140ms
137ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*V7ZqTqzHH1QEX16qi2HW3Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

083dbe4c8a656c48931cea871be647dba79584764dfccdacca8088a10c73df4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 925
cf-request-id: 09e985f2ad0000dfc740073000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210430-003637-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f644841dfc7-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H2 200 1*Mj2PfPWE0MrsRkvW20lDLA.png
miro.medium.com/max/60/ 2 KB
2 KB 128ms
125ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*Mj2PfPWE0MrsRkvW20lDLA.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3c257a59cc13d2b7b274694e7e73307f693ad68f16c8842d057ad5bc3274be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1692
cf-request-id: 09e985f2ac0000dfc7413ca000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f644834dfc7-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*TEKAzBpp8u66-C9-eomwXQ.png
miro.medium.com/max/60/ 3 KB
3 KB 197ms
179ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*TEKAzBpp8u66-C9-eomwXQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7223a4301655bc2f5cd603761b8e9b5fe465c767303e4c5ae9da072a60f73421

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 88
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2579
cf-request-id: 09e985f33f000005d4080ea000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65294b05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 0*6zd0na7Tly4J4mbD.png
miro.medium.com/max/60/ 2 KB
2 KB 169ms
151ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*6zd0na7Tly4J4mbD.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07097afa2112f890582862780e51240b956a99f50f88379f4c6052ee0e53c812

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1855
cf-request-id: 09e985f33f000005d40d3d7000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65294605d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*edJKTu-kkya5YEevQc7e9Q.png
miro.medium.com/max/60/ 3 KB
3 KB 169ms
151ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*edJKTu-kkya5YEevQc7e9Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

015c2c44e8e395216375e746d3125b1feac4cc9d6beddeb4fb909767dca584bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 40
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2842
cf-request-id: 09e985f340000005d40d3d9000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65294f05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*EGztmI_ZvGz_XU6OCeHPOQ.png
miro.medium.com/max/60/ 4 KB
4 KB 214ms
197ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*EGztmI_ZvGz_XU6OCeHPOQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc67f265011a1c47298ea7d976f4e1bcbbdb10aecf52d1f58ced18bbbc910a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3627
cf-request-id: 09e985f33e000005d4db9b5000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65293d05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*mjJuq3hyhiwYVi1UawPEMw.png
miro.medium.com/max/60/ 2 KB
3 KB 172ms
154ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*mjJuq3hyhiwYVi1UawPEMw.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe41c04896df909954b6d10420ba301a384b9997a99aacb41bab3866f33078a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2145
cf-request-id: 09e985f33e000005d40888a000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65294205d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*hYw3SBPvwnb_aGZ6gr13uQ.png
miro.medium.com/max/60/ 1 KB
2 KB 166ms
149ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hYw3SBPvwnb_aGZ6gr13uQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

befc42916da44b486990e11816ecae723983b947620cb4a205276c7d4b9dfa59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1116
cf-request-id: 09e985f33d000005d4000d1000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65293905d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*PbxUU3U7oWxV135fd_ptsg.png
miro.medium.com/max/60/ 3 KB
4 KB 165ms
148ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*PbxUU3U7oWxV135fd_ptsg.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c770f5838712c53206a0f6a475abb14883d82a1e118476171c7a3facf96f080

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 49
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3359
cf-request-id: 09e985f33d000005d4e4b0e000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65293505d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*AYyRs6s7mbA-rBdPL9Tn2Q.png
miro.medium.com/max/60/ 835 B
1 KB 166ms
148ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*AYyRs6s7mbA-rBdPL9Tn2Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29d2b25d22c273ab1dad31cad38757374cad5768e57a594f2538e67dd030c3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 57
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 835
cf-request-id: 09e985f343000005d4291ed000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65295105d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*738NV2OoISUCoQZu5z9YRw.png
miro.medium.com/max/60/ 1 KB
2 KB 189ms
171ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*738NV2OoISUCoQZu5z9YRw.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2487264e6d31a3796f975cfbf0289e5ef0256d3cea8d9e5a4483eeac09f688bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 51
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1183
cf-request-id: 09e985f341000005d4d03ef000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65295505d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*hDRjw-p3DepQ649qEMLzMg.png
miro.medium.com/max/60/ 2 KB
3 KB 159ms
142ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hDRjw-p3DepQ649qEMLzMg.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0297ecee7cd3d457a617fb2bbf695901f2dcb7ec0a75834d8f9d04d9f0c98ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2393
cf-request-id: 09e985f342000005d4e72e6000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65295b05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*B9-GjDBn7CTodZa6F_aneA.png
miro.medium.com/max/60/ 2 KB
2 KB 169ms
152ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*B9-GjDBn7CTodZa6F_aneA.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72ba43a3896f549ba6bf0f6360a9e4b3fec053d459f25b3e356096f43d1b75c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1678
cf-request-id: 09e985f342000005d404bdd000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65295f05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 0*3Ax5sp6x8dB2torU.png
miro.medium.com/max/60/ 1 KB
2 KB 186ms
168ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*3Ax5sp6x8dB2torU.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18c58e9ffeeeb5252d8f3170aec98c387d3be45775bbde1616db548d0a698366

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1070
cf-request-id: 09e985f342000005d4b5aa3000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65296105d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/160/160/ 38 KB
38 KB 186ms
169ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2a446856aff8e0934a0d009a4a13311e324756bd4e478d1727cd3e4e87464ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38521
cf-request-id: 09e985f343000005d41c862000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210426-224931-b5053c1754
accept-ranges: bytes
cf-ray: 64bc3f65296205d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*y82b5CliG--Ip2bLLUKKQA.png
miro.medium.com/fit/c/160/160/ 25 KB
25 KB 169ms
152ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*y82b5CliG--Ip2bLLUKKQA.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cff896eba3c403eabd6e84b5ff4edeba11b246affd828f13e52bd13bda839d18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25380
cf-request-id: 09e985f343000005d4cb296000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210422-105256-5b410a3e87
accept-ranges: bytes
cf-ray: 64bc3f65296505d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/80/80/ 11 KB
12 KB 166ms
148ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6334ed1b6ae353a78f3473f3851900b98439a17456c162b089924c4d6ceb65a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 40
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11277
cf-request-id: 09e985f343000005d4ce287000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210422-105256-5b410a3e87
accept-ranges: bytes
cf-ray: 64bc3f65296805d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*y82b5CliG--Ip2bLLUKKQA.png
miro.medium.com/fit/c/80/80/ 8 KB
9 KB 187ms
169ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*y82b5CliG--Ip2bLLUKKQA.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3f8703a7b9376bdee2b8d2c841bebfa48e1630b18f3d3f2c5a05ab56201d322

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 49
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8270
cf-request-id: 09e985f344000005d41f003000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210422-105256-5b410a3e87
accept-ranges: bytes
cf-ray: 64bc3f65296a05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*hn4v1tCaJy7cWMyb0bpNpQ.png
miro.medium.com/max/60/ 3 KB
4 KB 55ms
37ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 194
x-envoy-upstream-service-time: 23
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3059
cf-request-id: 09e985f344000005d4fbae6000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65296e05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*EwAGeoUTYiXAUK-Yti4qGw.jpeg
miro.medium.com/max/60/ 967 B
2 KB 59ms
41ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*EwAGeoUTYiXAUK-Yti4qGw.jpeg?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eddff416a7dac40284d0c2e167969f4b1a7f93e779fa175c47b5f71236af3e2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 115
x-envoy-upstream-service-time: 466
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 967
cf-request-id: 09e985f344000005d4bfbff000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210430-003637-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65297105d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*A5ZImhz1t4Sg4x_vcRrY3w.jpeg
miro.medium.com/max/60/ 916 B
1 KB 61ms
43ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*A5ZImhz1t4Sg4x_vcRrY3w.jpeg?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ad3dd722269bdb661c9d824bed1d66bfd52646f73b9f1cac1c27fa4c64ea9b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 43
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 916
cf-request-id: 09e985f349000005d405bd7000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65297405d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 0*ZmuBSoWUQ9Y9fsgJ.jpeg
miro.medium.com/max/60/ 1010 B
2 KB 103ms
85ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*ZmuBSoWUQ9Y9fsgJ.jpeg?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9fa9e9541ec1402c1518308c44d233f1d7b4614886976cfdda2eef7bf7cbab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 149
x-envoy-upstream-service-time: 77
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1010
cf-request-id: 09e985f346000005d41a04e000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210430-003637-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65297a05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 0*s4cegH9cP2hs0BAB.jpg
miro.medium.com/max/60/ 1 KB
2 KB 192ms
174ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*s4cegH9cP2hs0BAB.jpg?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15ee3ba370b6e19ffab24ef8aa9582c8222aa08c735ea041b720e7f523e8eb35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 17
x-envoy-upstream-service-time: 55
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1371
cf-request-id: 09e985f348000005d4b3b40000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65297c05d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 0*wE1pq0zNEvuOuPtI
miro.medium.com/max/60/ 893 B
1 KB 93ms
75ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*wE1pq0zNEvuOuPtI?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed6e59ed9a53ee0d74414a46bc7544daafbe33b8b02085074475e4f3141f4abe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 107
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 893
cf-request-id: 09e985f34c000005d4000d3000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210430-003637-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65298305d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*1VqmH1tZwlzw-NXHP5IhmQ.png
miro.medium.com/max/60/ 2 KB
2 KB 94ms
76ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*1VqmH1tZwlzw-NXHP5IhmQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97bc159f0904ccbe8ca7ad1066fc157f214db01fac8f21692b1684087bd75ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14
x-envoy-upstream-service-time: 17
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1793
cf-request-id: 09e985f347000005d4fb0c2000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65298505d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/270/ 10 KB
10 KB 103ms
85ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 205
x-envoy-upstream-service-time: 3034
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9821
cf-request-id: 09e985f348000005d4f8a3a000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65298705d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/270/ 7 KB
7 KB 104ms
86ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63
x-envoy-upstream-service-time: 163
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6839
cf-request-id: 09e985f348000005d4e99fa000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f65298905d4-FRA
expires: Sun, 06 Jun 2021 17:42:55 GMT

GET
H3-29 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 298ms
298ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3961014
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2c10000061c1a869000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f646c17061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 18ms
17ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3961014
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2c10000061c7a898000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f646c1a061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 18ms
18ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3961014
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2c10000061c36243000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f646c1b061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 31 KB
31 KB 30ms
30ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b620429ac05f49cf1c59b1d24593fc3d396a79b7fe2bdb41f82fdcf94c3c6ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2082692
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2e80000061c7d31c000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f64acdb061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 32 KB
33 KB 22ms
22ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3791f3ddaf70def83b4b5e888e85c448ec0a681e5d9f7b983c5b30c35a09cf53

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1585055
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2eb0000061c70a7d000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f64ace6061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 charter-400-normal.woff
glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 31 KB
32 KB 56ms
55ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fefca2e39b0c80d4d1c9b40a41787df0f738a85ff142e5295f17b2e96711ad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2375092
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2f70000061c3f2db000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f64bd15061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 27 KB
28 KB 42ms
41ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61df1c691c169e5eee23e389d4746fd846ffc7746356cba2e924d83445181a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1930281
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f2f80000061c399cb000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f64bd18061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 manifest.3bb06726.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
4 KB 37ms
27ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.3bb06726.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

185c05e9357edaa686b42c77cfffa8b2ef48fee538121e84a34a9f2a6d4ef6d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26970
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F95366QTZ5P4K2HS
x-amz-id-2: nqao7TCkcTCiQtglndCKYiN0nFchgM05Nqwz8DcdOdeYU6u7yzvdj2ulCY6Z6rrBuYAF4E4UOW0=
last-modified: Fri, 07 May 2021 10:03:12 GMT
server: cloudflare
etag: W/"da257bacb8b2e6a58b505ac3dc8a90d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: PkronoLvQjEEoeDEtDmSTSKC0wa_EqJl
cache-control: public, max-age=31536000
cf-request-id: 09e985f3130000dfc74a1de000000001
cf-ray: 64bc3f64e99bdfc7-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 6484.910e6b9f.js Show response
cdn-client.medium.com/lite/static/js/ 644 KB
196 KB 37ms
27ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6484.910e6b9f.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

260f0ab107ecb83701c72c34441f89657c036c76c1d038c43b31d250f9183e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 687595
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3GBB69KWVY2YD2HA
x-amz-id-2: caNzPPazI4Znmx8cQ0fbvQPQefMGlsXg86rWpDu8gNRLVuNATfcwJN+75Ob1jtKkoE/r2EQb+Vg=
last-modified: Thu, 29 Apr 2021 18:37:30 GMT
server: cloudflare
etag: W/"e076fc299b17f07db37ab5053e4aed0a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: MizhCS6a6_p3T81DP1jJDQpJH9TKO9IE
cache-control: public, max-age=31536000
cf-request-id: 09e985f3140000dfc74f3a1000000001
cf-ray: 64bc3f64e9a2dfc7-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 main.f0906392.js Show response
cdn-client.medium.com/lite/static/js/ 640 KB
169 KB 39ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.f0906392.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd62a699d7609de1c34d4440c9efb41fe3e88d1714915cecf76a77d6956332c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4431
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: V5N2NC109EZG9R7X
x-amz-id-2: lHdq+AOxD3swkOf3A/iQN+3LTfX/ZtP7I3dCrdo1f4FziwXs1aEVI84oYjr7Uh8fMQZxD9RKMYs=
last-modified: Fri, 07 May 2021 16:15:14 GMT
server: cloudflare
etag: W/"eefbf172ce2583f8b68e5660f203b1cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: varnizTz16y0_NIao6G3ZhZbggY5RHMT
cache-control: public, max-age=31536000
cf-request-id: 09e985f3130000dfc761aaf000000001
cf-ray: 64bc3f64e99ddfc7-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 43ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 327596
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W9H1E7QEJWV62Q
x-amz-id-2: mABeBnsK9OxlKT0WBqYlWZpdTu3Ot/3Lo+XUU8UK3ts0KFtIplrawPV1USSHgA1An7kXH8GaE1A=
last-modified: Fri, 23 Apr 2021 00:36:38 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LU7nKpFFDV.YnVykAFG48qnxoHLOqxqF
cache-control: public, max-age=31536000
cf-request-id: 09e985f3150000dfc7df9d9000000001
cf-ray: 64bc3f64e9a4dfc7-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 instrumentation.8ea15b6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 27ms
24ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.8ea15b6a.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41af3fc4dd15d2e6e273aca0177f9b0d31a240987f6aedf2c174e1963ba34a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 596311
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W2JSHPM934Q9Y8
x-amz-id-2: p8ZAX6VH5URkp6EzewMRbKdFbzDaEjSHLqmH1DypTBJ9cWTC6ezOgHAsBd5HJKOXOL8hvQj7jOA=
last-modified: Fri, 23 Apr 2021 00:37:03 GMT
server: cloudflare
etag: W/"18bc5dc36b0e197b069e26fdc66f2cfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: PkFPAb6cxVHSicfvPwykcm9Rc.nHWKIb
cache-control: public, max-age=31536000
cf-request-id: 09e985f3140000dfc759a0b000000001
cf-ray: 64bc3f64e99fdfc7-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H2 200 reporting.65aadb14.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 29ms
26ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.65aadb14.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c2d0f345f48da7eae159fb1c8240d2fbd8970db20383bc14f39af4436e56238

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60670
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5WB8RRRFX5EY5KM
x-amz-id-2: uXIxQ9Km+YrLYDDi/VWAYxNcnv0hFQReqhORFFRHc9Ar2LYgLwZfYwLWBZNhow7loUOCWykN4qQ=
last-modified: Fri, 23 Apr 2021 00:37:13 GMT
server: cloudflare
etag: W/"59d5c4eae69521aa54cfa5989461cf71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Fll3fHDBKTy1q1ENcRsFL22fjnzecNis
cache-control: public, max-age=31536000
cf-request-id: 09e985f3140000dfc7ee183000000001
cf-ray: 64bc3f64e99edfc7-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 93ms
73ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 327596
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W1APGX0KZP07FF
x-amz-id-2: BtTi/oDuygGEBejbPfjWODrJewRpXJL+XeAvQzSH0YGAlcyYCJ9Cnrt+4XPCw4xAUaDm0z4b264=
last-modified: Fri, 23 Apr 2021 00:36:36 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: qTjBvlRxYaTEFxDcJqCNPskg63NMpmfW
cache-control: public, max-age=31536000
cf-request-id: 09e985f34d000005d4b3b41000000001
cf-ray: 64bc3f65298a05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 2833.383a48e6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 79ms
58ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2833.383a48e6.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c1619c4620c9c56b460a072f356c192686176de8861f586eb116e8f57316665

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 736195
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5WDW4TSC38G4MGC
x-amz-id-2: 9yQvovAu2LfmB4YF5MlQh69uklxBk9nE6RrGKotLLQwrRa/VrSmPzeTm5MbWWkVaZQBFUuib/Nc=
last-modified: Fri, 23 Apr 2021 00:36:37 GMT
server: cloudflare
etag: W/"c6ea5b0dec5a40b283b8f51b7b8ccc95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: nvuxWjyYvF0KRRdGC63ncjMNC1LvclJR
cache-control: public, max-age=31536000
cf-request-id: 09e985f34b000005d414943000000001
cf-ray: 64bc3f65298d05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 8342.6aa0b45e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 95ms
74ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8342.6aa0b45e.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 327596
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W3P40E1BXB1889
x-amz-id-2: PE4cQblYdGZu0FLjWcMmFOIjDhc5vkN82dWteyKbEMg1GMwNyM+NDvXbBGRmsPiASeoCwC8mkEw=
last-modified: Fri, 23 Apr 2021 00:36:40 GMT
server: cloudflare
etag: W/"5daacb41c4e6b401be87ada016250ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: BD.7AqbyxWLGKAdM1V1bossX4FoDEg2p
cache-control: public, max-age=31536000
cf-request-id: 09e985f349000005d4c415c000000001
cf-ray: 64bc3f65299105d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 4930.d16bc692.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 105ms
84ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4930.d16bc692.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99b72261d020e356b976b981f86d64b88f37f21b74c0a08fe7bd8add0e86c638

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4791
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W12C6N2WMQJ7VX
x-amz-id-2: ESFTXfdqG4pwuJ7yShzWhZfTJ2aBruQ+/po/P71bS09UIcbApcwnUd2N5l7YSZsEf4YwAliM/9I=
last-modified: Fri, 23 Apr 2021 00:36:38 GMT
server: cloudflare
etag: W/"9a3e75bf2d709f347c45f359c5e1b1cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: qBPH2LSQ1zuzVwxWLHyqKj64XpfX8LAO
cache-control: public, max-age=31536000
cf-request-id: 09e985f34a000005d4c415d000000001
cf-ray: 64bc3f65299305d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 9692.d85d4b46.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 91 KB
26 KB 83ms
61ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9692.d85d4b46.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f8aaf9910f854e3e44e2f2901d2505ed639bfab9b435468383b97c7db34bb8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 67483
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YSH2F9ZGT3M324PP
x-amz-id-2: aEK/G5Et80WzPH5ZmjskVjzQoqTMVStiuuC5p5BjhjCeJ71CGndG0q0zWrBPOMaEvA+TEatfre4=
last-modified: Thu, 06 May 2021 22:50:46 GMT
server: cloudflare
etag: W/"2bac85e00d30ae0ff124dfd2259232bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: NMTAUfB1CaXnm0ygs0t3xpB2NEe84R7h
cache-control: public, max-age=31536000
cf-request-id: 09e985f34d000005d40888d000000001
cf-ray: 64bc3f65299405d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 4586.8a40841d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 108ms
86ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4586.8a40841d.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8162859bac88f83ac959059d26394ef030ba8c2928131fdd1e7e96d12f084b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 583637
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6NVE7248K3Z9EN37
x-amz-id-2: FXpQ90GDVK2JRpzBKfHiab6QhKB/Ybosr85hD5XS++L1hcc1krDexaPnOz3soasEXK26fLMgkv0=
last-modified: Fri, 30 Apr 2021 23:24:09 GMT
server: cloudflare
etag: W/"7b2a3221fb877def37f56e11a437eaef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: B0Yjnqx0fmtnEOnXe8t.9OeTyavJwyJb
cache-control: public, max-age=31536000
cf-request-id: 09e985f34a000005d4b5aa5000000001
cf-ray: 64bc3f65299705d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 5064.09f3af9f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 108ms
87ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5064.09f3af9f.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3599c674279fdc7ba6690f00ccc339aee2737ba41384133f07980c26fa82972

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 67483
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YSHEQYVT0W4JB98B
x-amz-id-2: Dd9PDThdVlbC02Hq+TkPFLuc6ZmBH/JatlSf96eEI9g+s1AhqLBIgrgR2ZkJBvpHceJC95ObwPA=
last-modified: Thu, 06 May 2021 22:50:42 GMT
server: cloudflare
etag: W/"bd6eee9d0888f065a459283a9bb7b7b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: jQwpQgQU9_f3JiM.32CWlka4lqLmYSTT
cache-control: public, max-age=31536000
cf-request-id: 09e985f34a000005d4b5aa6000000001
cf-ray: 64bc3f65299a05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 9046.ceb8e677.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
9 KB 110ms
88ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9046.ceb8e677.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

133ed550dddc1b952f90522ba29312935ec3c51cb2102c97402f20927c225a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 583637
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CMES3AXHTC64FJF9
x-amz-id-2: ev5LJHTkRwFlh4A6HM+8MhdfAlm2XSqhyrqYrGoY0ZysMe539UUhbmumyWYZMFVFPGiISpIHKgg=
last-modified: Fri, 30 Apr 2021 23:24:12 GMT
server: cloudflare
etag: W/"81f5d4623849d24cb7b2856ca7251f35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: J2slCW3XifIrR3F45ebKgQtElGwaVyo3
cache-control: public, max-age=31536000
cf-request-id: 09e985f34a000005d4e4b10000000001
cf-ray: 64bc3f65299b05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 2846.23cecf32.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
7 KB 110ms
88ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2846.23cecf32.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ced0a22eda6ef8a9deb59b17ec8cefb792343a5d38ecde9534698786d42f6d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77284
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FX5DFGEH07BABT4A
x-amz-id-2: PCLMpHciu6KWaQIZWKgyOpq8KhXebO7Kj5n7v0hVdv4ClX7rNznr3l+kFcPjvEI0PJDHCcHxkaE=
last-modified: Thu, 06 May 2021 20:10:34 GMT
server: cloudflare
etag: W/"93de839c0fb8c6ce8ddd1cd9f56c5cce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: .ZhalYpqjsVZVtZA5cTFSXHSigUGXzs_
cache-control: public, max-age=31536000
cf-request-id: 09e985f34b000005d4b5aa7000000001
cf-ray: 64bc3f65299c05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 2176.692ede18.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 110ms
88ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2176.692ede18.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

503eac93673838c7a8dae99c5c04b5df31ea90a198599754abf1aed6c06b4eb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77284
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FX533NG8ZPYGS8YC
x-amz-id-2: ZrgE1hgnFYdJnzGdK61MPYgsk6K3B3idNGGZmSP+kSJEVvDynya1r56CbvCw1yd5w7jcrLOC+s8=
last-modified: Thu, 06 May 2021 20:10:34 GMT
server: cloudflare
etag: W/"85ad4d17abafd2f83aeb4e02496da05b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: GRv9vWay7oslEbOtqjQ0wKw4x3bSB5p_
cache-control: public, max-age=31536000
cf-request-id: 09e985f34b000005d4b3103000000001
cf-ray: 64bc3f65299d05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 2712.7800f606.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 60 KB
17 KB 111ms
89ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2712.7800f606.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac0c9a230e4aa480f06828696576bc94f2ea5dc932e66e98dfc47743e4b269ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26970
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F95ANBRBAY4MPEDC
x-amz-id-2: pdN9gTuSul2aBNdGYP+t5MiDtKgW5A31QvcWqOxcYr93VybfYYZyWF7shB4+pbqJo/3hb5GHVGA=
last-modified: Fri, 07 May 2021 10:02:43 GMT
server: cloudflare
etag: W/"b79e4446e42dc0bbb1e0721479db491c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: H10KrrGVB.T1F3iQT9NXCe30crJWGplY
cache-control: public, max-age=31536000
cf-request-id: 09e985f34f000005d4d03f1000000001
cf-ray: 64bc3f65299f05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 9972.642087b9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 112ms
90ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9972.642087b9.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

065dca031654dd287e2aab6008b50fb40111247043b3c2599b9b10903e40d9bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64415
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W86TR2NT3MM37S
x-amz-id-2: vlW0UQOmPv4vE83Pi9Qi02hLFo3kCzBllBd8pAQNypyZk5F4GIwVtGEV0tfB270GW8bvL8nfJ14=
last-modified: Fri, 23 Apr 2021 00:36:41 GMT
server: cloudflare
etag: W/"d6941882540f8f4cb789c7482260aa10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: qFmrHGNkke6ptuA8JDXC.Agjj3XOyvSD
cache-control: public, max-age=31536000
cf-request-id: 09e985f354000005d4e4b12000000001
cf-ray: 64bc3f6529a105d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 4379.369666f1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 132ms
110ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4379.369666f1.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

009923faab2dff7b6c1aeed93de33f07f555a22eff57076530f9e68f3dc378e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64415
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W5P5KWH348P7XY
x-amz-id-2: ck90RaCg73Oye7iYA6a2gnRG7uTKWFvqLLRWksyIzfiLmJSZ57fv1r3F6tXsPAMM6YdwUgZ33As=
last-modified: Fri, 23 Apr 2021 00:36:38 GMT
server: cloudflare
etag: W/"10b0e53133eb5da7cebf3898a3914463"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LY0RT012OrW8VR0.BSz6UhQ9wiHHazQ0
cache-control: public, max-age=31536000
cf-request-id: 09e985f350000005d4ed986000000001
cf-ray: 64bc3f6529bc05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 664.9da39b11.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
6 KB 112ms
90ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/664.9da39b11.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6d44b945ceab10c91046a1470b5876d5b838b1ac2b4af771202d8ff293a7007

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 583637
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CMEZB3AWD1BFHRB1
x-amz-id-2: Wk3gPDJTyTod2YHPbbld2xLTIKFylbKy2UAXk7BM6/ICG8VO/HzgaXzQtt9E1GSlahHxxdnRYG0=
last-modified: Fri, 30 Apr 2021 23:24:10 GMT
server: cloudflare
etag: W/"eec96d3e2189afae54a59548122e56fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: xAnpy2q49WWt9P8l5BA2w2XlY2Vio8Qo
cache-control: public, max-age=31536000
cf-request-id: 09e985f358000005d4d8871000000001
cf-ray: 64bc3f6529c505d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 8751.f25961b7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
6 KB 84ms
62ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8751.f25961b7.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad7e9dca0e8be1c4cb8efb4d39696d4af8928b6c1c81250d65d518d4c32a790a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64415
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5WA35TRH9CAP2D5
x-amz-id-2: NmWpLDyjWvmKngfXFQZ8FaXKn7fD7fg+bcYCVG1iA5DcjPlgkoJdvGP42C1Hj2gK5q3SvMaUYx0=
last-modified: Fri, 23 Apr 2021 00:36:40 GMT
server: cloudflare
etag: W/"0d06e6b71aa6bdb1ccdbf707355ce844"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: DdDaNUjNcMERI0vlG3BOyVKRaL5Zn2qT
cache-control: public, max-age=31536000
cf-request-id: 09e985f355000005d419a8d000000001
cf-ray: 64bc3f6529ca05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 2955.5871d3cd.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 36 KB
12 KB 113ms
91ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2955.5871d3cd.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

188d4ab1c1485ca3ff3c343f6ad81e5b9b025b94607188c8d0e5e81d29597e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77284
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FX5BQGY0R1D0GKY3
x-amz-id-2: NIzDjLjLkX2IXznKxZnXHUY3JehgzJKVwBdVE3OcP7lvSgIEmH/g6rgu7+j6SUZDF3slD1nlEIY=
last-modified: Thu, 06 May 2021 20:10:35 GMT
server: cloudflare
etag: W/"2b57fcad11461d625c9ee153198c2e00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: p8zeREIo_cNy8Sci3xXHC_ByTUD4cd5n
cache-control: public, max-age=31536000
cf-request-id: 09e985f355000005d40fa8e000000001
cf-ray: 64bc3f6529cc05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 7131.298ba81b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
7 KB 114ms
92ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7131.298ba81b.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7161183af4a0e2f26511e6f198029e66cf60dd2cb404083f566b1eeafded9e07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77267
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FX555ND6E2ZFEMH5
x-amz-id-2: Ovusv4kTzv3G9GyhX8541ED3fI6CzMrFEiwsu2wEjdQlQ+AV1Y4SumpLZQ42h1Jh3oHMmUPFYOA=
last-modified: Thu, 06 May 2021 20:10:37 GMT
server: cloudflare
etag: W/"b732c4500cbfdd1b673bba5f0fb658b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: N.LCLPhaoi6cxIlGu4afGW7f9Yr9O3HI
cache-control: public, max-age=31536000
cf-request-id: 09e985f354000005d4b3104000000001
cf-ray: 64bc3f6529d005d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 303.47c68e69.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 115ms
92ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/303.47c68e69.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd138d78e135bd0cff2a37a0b88f30cce29bc66a813a67192568ee57c1c6bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 67483
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YSHE8MSJSQK22KCG
x-amz-id-2: JRF8W4hWAHZ3XHdMopgrTSkBWDHlhYaWS4Dk601Ys01S0AvhkjxbLATHMyJ2nm+wcvwPy2oGMMU=
last-modified: Thu, 06 May 2021 22:50:41 GMT
server: cloudflare
etag: W/"66bc9603d7f5eac3c8ba03ccc9481748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 0ezcKKFLBXc3CF3d0dAU58IT.0toE3eB
cache-control: public, max-age=31536000
cf-request-id: 09e985f353000005d4291ef000000001
cf-ray: 64bc3f6529d205d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 8127.ebea23a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 115ms
93ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8127.ebea23a3.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad6c3ad092cea759f505d1ea15a3b0b2da672875f848244ddc50bcee827c426a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64415
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5W9FG4FHN1R7DXG
x-amz-id-2: y7BazTo5add/PrIBmwwHaZZ+CUOdS5H8T0JbJemjGcmOMIsA+J92VozIf+5ltn6LXavl6GpJ4Js=
last-modified: Fri, 23 Apr 2021 00:36:40 GMT
server: cloudflare
etag: W/"95bbd1b7c8db315c377cb940c30c44a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: QC9HTp6FD8RUpRxbV3pA_hoVbnM_NACZ
cache-control: public, max-age=31536000
cf-request-id: 09e985f353000005d4bf801000000001
cf-ray: 64bc3f6529d505d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 2514.16d53d34.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 116ms
93ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2514.16d53d34.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456440518b26baf30262e01a9922d85024bd36e74060e18f9965f574f7e8f14d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64415
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5WEZR8J4KT7XZFC
x-amz-id-2: YBNdKk883PXCO+kUNK1ob7ZtGywWPh60jkHwvSPdi341YXi0sfgCZSmDuR05Dtulm3NqGkFlChI=
last-modified: Fri, 23 Apr 2021 00:36:36 GMT
server: cloudflare
etag: W/"22dc5388b6025b3e5a19fb4f758e4776"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: GNbEF7BEvF7D30yei2X0OrX1VefUM9XJ
cache-control: public, max-age=31536000
cf-request-id: 09e985f355000005d4d03f2000000001
cf-ray: 64bc3f6529d905d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 6371.053c3097.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 116ms
94ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6371.053c3097.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c9685f66425f68dc25f5d210863f079b8ec71cdaa37ce8940dfc44e4ba0f3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77082
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PEVCETKAAYEXW2DY
x-amz-id-2: bDrZWSz6CjOnBHu6B1cVaI3C8pjwAXPswmMaPrZBdrUcUuKIlFOVobMpAQdnGfToSeA/gUXPj1I=
last-modified: Thu, 06 May 2021 20:10:37 GMT
server: cloudflare
etag: W/"4d01658bfc49249289a44fbb8df5929c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: xbHSSaI9IUelJjDIXC89vtjJ5heksYBN
cache-control: public, max-age=31536000
cf-request-id: 09e985f354000005d4cb299000000001
cf-ray: 64bc3f6529e005d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 8995.be645cdf.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 117ms
94ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8995.be645cdf.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2238d30029da71fab3a03236eca9f9c0260627d5a8220025b2e6f417fb0d4b8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60318
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: K6SV097SJ075N80X
x-amz-id-2: 5t5h6sclOv9kfncXthBCsbXdAbCbbtHNfmWWMnwnZE+O7HteLOOGfS4E5Pa1DXK4fm85//Y45cw=
last-modified: Fri, 07 May 2021 00:46:13 GMT
server: cloudflare
etag: W/"83f806aa3aa3584d57f88f076eeab241"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Kt0b3UnyhUpl_R7LhTCBZkkKRCKRGhni
cache-control: public, max-age=31536000
cf-request-id: 09e985f355000005d4db9ba000000001
cf-ray: 64bc3f6529e305d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 7596.c834d049.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 85 KB
24 KB 117ms
94ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7596.c834d049.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcbd409808227af2d9c3207f81a629f169cf23071af4687884d7b3d769d09613

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77177
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FX56A0515MW9D1QJ
x-amz-id-2: 1O9V+oPY/EUyH6uk/alKE18pKa1/z1CUfnrveuhH2PBUedS0dRN/IOzLqo/PyIweNhoXMiknNY4=
last-modified: Thu, 06 May 2021 20:10:37 GMT
server: cloudflare
etag: W/"1d8add0e42d963076d6b4361ec696641"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: RVWiE.eDd6oA5He81EjLWHXluSTbInKT
cache-control: public, max-age=31536000
cf-request-id: 09e985f355000005d4e99fd000000001
cf-ray: 64bc3f6529e805d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 3874.02b9b2d8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 119ms
96ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3874.02b9b2d8.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cfcce543fee5c13270c5b5fc977d97627e7c3e007897932c2bd8c4ad54f0675

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64415
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5WBVYYPFM7W1AZZ
x-amz-id-2: TwdLww6j9VDbuDgfEzSdBFm9VdF7vK/m/Ka+KT6sO3It9FU2rJKKklYnOx1UFDih3OCtR+SaW5I=
last-modified: Fri, 23 Apr 2021 00:36:37 GMT
server: cloudflare
etag: W/"5a8312303c3895ac038e2b529ae15255"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: C7ihoH9DyP0PypF3YGhycLtSr_k66uqh
cache-control: public, max-age=31536000
cf-request-id: 09e985f35e000005d419a8e000000001
cf-ray: 64bc3f6529ec05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 5353.6c41fccc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 80 KB
23 KB 120ms
97ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5353.6c41fccc.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

064e223d4a2519736ea857accce451e86889c9e0e056d01cdfb515fed128e853

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77177
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FX568KT5FKNEXQ6E
x-amz-id-2: UyEJirpbJH2Paro6S6DULm8bYBe8JoZNkCElGkQpjrU6LUzydiYcOpExz8QtKG4tSodZCMRWcJs=
last-modified: Thu, 06 May 2021 20:10:36 GMT
server: cloudflare
etag: W/"12e5a3f196fab3d0ca32ae0c5dd48af5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: yksewe1Wd5xKsa9_UbSK3mqqNaahAA2H
cache-control: public, max-age=31536000
cf-request-id: 09e985f35a000005d41a052000000001
cf-ray: 64bc3f6529ee05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 1794.574e0f73.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 121ms
98ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1794.574e0f73.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4a6ee70f280e752cfeea9d8ebd4d75b338ce88ff12f20e198a444250bf52a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245461
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: TQ5QH80TA809Q1K4
x-amz-id-2: e6bhBG6FerGGlslN846vWPZ6HT9dCLfjFB8lJKXrmo+YK5hDIH1DvVte/aMoX+h9oQiWhloSUIQ=
last-modified: Tue, 04 May 2021 21:16:25 GMT
server: cloudflare
etag: W/"b6ff92a61940639c91b8e429faef17ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 2LRK9mnomdx3IqA.F7FIA6FefoPLolF9
cache-control: public, max-age=31536000
cf-request-id: 09e985f35b000005d4d03f3000000001
cf-ray: 64bc3f6529ef05d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 9454.0a212623.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 67 KB
21 KB 121ms
98ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9454.0a212623.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d44331aa64c2bd076884c28002e7ab8f731e0c89e68e7a1a1cbd920db165054

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26970
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F95E12FJW4SQPVVG
x-amz-id-2: 3nHaD1oUxX1gkZhv4LeuMX3lqL+H6/yyWAq91WjlXZ/cgOf1R4whZ5vR63z4Rv2XldeLEXALOUQ=
last-modified: Fri, 07 May 2021 10:02:47 GMT
server: cloudflare
etag: W/"ce3d89e6291cacf053beeee4eca38b1d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: yLMH0Misz3LvdEKObtczIyTLx1ZkisQc
cache-control: public, max-age=31536000
cf-request-id: 09e985f356000005d4f1b0d000000001
cf-ray: 64bc3f6529f105d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

GET
H3-29 200 Post.7dae5eaf.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 123ms
100ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.7dae5eaf.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50eeaefe9e94677d3c8504498cd28748422d9555864e6215527853cc4eb91514

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 180193
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W0W1AXJ4EG7CZB68
x-amz-id-2: L2A4iL6AVN0eX7OfJNEzhqAKARAHXQT7mU3ViIR7hf56TxtY8AiXmkLst7LbirxDF4Mu7aChRvs=
last-modified: Wed, 05 May 2021 15:28:41 GMT
server: cloudflare
etag: W/"08a6e790e72076398b9ce2ac98301333"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: zHc8MF9oCB353aupZchyq5sScKySCJ_l
cache-control: public, max-age=31536000
cf-request-id: 09e985f35c000005d4e72e9000000001
cf-ray: 64bc3f6529f205d4-FRA
expires: Sat, 07 May 2022 17:42:55 GMT

POST
H2 200 graphql Show response
morphuslabs.com/_/ 141 B
436 B 200ms
199ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6484.910e6b9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8b0e43cace16a8f48acbc0e9fba8359a08a75478a34a19891e67d85c13384aef

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://morphuslabs.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 4e8c41bd48cfb5db
cookie: uid=lo_96508b973a78; sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; optimizelyEndUserId=lo_96508b973a78
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210507-160349-5f82b83623
content-length: 195
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 4f6e06e6fd09001
medium-frontend-path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
:scheme: https
apollographql-client-version: main-20210507-160349-5f82b83623
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 4f6e06e6fd09001
Medium-Frontend-Path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
Medium-Frontend-App: lite/main-20210507-160349-5f82b83623
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210507-160349-5f82b83623
ot-tracer-spanid: 4e8c41bd48cfb5db

Response headers

date: Fri, 07 May 2021 17:42:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"8d-yPL3fslPOc89L6cX/MgogNPZIbk"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, rito/main-20210507-164040-1ce0cc0f07
x-envoy-upstream-service-time: 64
medium-missing-time: 0
content-length: 141
x-request-received-at: 1620409376141

GET
H3-29 200 responses.editor.cb3ff82c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 140ms
140ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.cb3ff82c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.3bb06726.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6362dd7cdd1e29cc8dee8acbf8950a64814508d7df74fa15f21df9f8b0672ab6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 165470
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: AAZJX9167BJG6JEN
x-amz-id-2: whzQRT4BSx52m06Etdfu0cDRwusGhdcjEPosw/4yFYs7WEzT7Y50XrpjteBkYVW5jtsTxqWrpOw=
last-modified: Tue, 04 May 2021 01:15:41 GMT
server: cloudflare
etag: W/"42c35724a019cb2379eb29ae19c29640"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: CTCoCgzLX.Y85OiO71iY2E_U6S.GXu67
cache-control: public, max-age=31536000
cf-request-id: 09e985f757000005d4ce2fd000000001
cf-ray: 64bc3f6bac7605d4-FRA
expires: Sat, 07 May 2022 17:42:56 GMT

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 50 KB
19 KB 152ms
49ms Script
application/x-javascript 143.204.101.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-50.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 96876c40ac46caa83507ee4533dbbe643f438c9784e71c0fbf9086eb63dfa831

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 06 May 2021 20:14:15 GMT
Content-Encoding: gzip
Age: 77321
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Pragma: public
Last-Modified: Wed, 10 Mar 2021 16:22:10 GMT
Server: nginx
ETag: W/"6048f232-c8b4"
Content-Type: application/x-javascript
Via: 1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: aggPPBlEfE_clTrfqSXXaYLNADd4cJqzjVJ5vmeRYNeUtcHaXIfY7A==
Expires: Fri, 07 May 2021 20:14:15 GMT

GET
H3-29 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 25ms
24ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

685ebea4a8c71de75cf3b4f8c51d8ca871eb2edfbe2b5ae36c2becd2b22c4629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3957745
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f7ce0000061c8daf7000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f6c7a5e061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:56 GMT

GET
H3-29 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 22ms
22ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://morphuslabs.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1254553
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985f7ce0000061c39a58000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 64bc3f6c7a61061c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 07 May 2022 17:42:56 GMT

POST
H2 200 graphql Show response
morphuslabs.com/_/ 94 B
416 B 279ms
279ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6484.910e6b9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e8f4608d5f344ecec49c7d24c21d84967251827e24567599214a8f07fcd21921

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://morphuslabs.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 4e8c41bd48cfb5db
cookie: uid=lo_96508b973a78; sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; optimizelyEndUserId=lo_96508b973a78
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210507-160349-5f82b83623
content-length: 5763
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 4f6e06e6fd09001
medium-frontend-path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
:scheme: https
apollographql-client-version: main-20210507-160349-5f82b83623
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 4f6e06e6fd09001
Medium-Frontend-Path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Medium-Frontend-App: lite/main-20210507-160349-5f82b83623
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210507-160349-5f82b83623
ot-tracer-spanid: 4e8c41bd48cfb5db

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
sepia-upstream: medium
server: nginx
etag: W/"5e-tq7J5BvAd4/S3M7nctk3SfrMy+o"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, rito/main-20210507-164040-1ce0cc0f07, tutu/main-20210507-011719-a7372163f9
x-envoy-upstream-service-time: 130
medium-missing-time: 4
content-length: 94
x-request-received-at: 1620409376891

POST
H2 200 graphql Show response
morphuslabs.com/_/ 462 B
786 B 253ms
253ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6484.910e6b9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a3695c793f84437b6ce7449b32852ab3646946c4f9aef80655364fe1ca5b03a6

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://morphuslabs.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 4e8c41bd48cfb5db
cookie: uid=lo_96508b973a78; sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; optimizelyEndUserId=lo_96508b973a78
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210507-160349-5f82b83623
content-length: 7139
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 4f6e06e6fd09001
medium-frontend-path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
graphql-operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
:scheme: https
apollographql-client-version: main-20210507-160349-5f82b83623
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 4f6e06e6fd09001
Medium-Frontend-Path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Medium-Frontend-App: lite/main-20210507-160349-5f82b83623
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210507-160349-5f82b83623
ot-tracer-spanid: 4e8c41bd48cfb5db

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
sepia-upstream: medium
server: nginx
etag: W/"1ce-OKvIl6YmJ6Z2RGi7/3nnwtJ3ylY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, rito/main-20210507-164040-1ce0cc0f07, tutu/main-20210507-011719-a7372163f9
x-envoy-upstream-service-time: 100
medium-missing-time: 2
content-length: 462
x-request-received-at: 1620409376939

GET
H3-29 200 0*J2y62UJX9dZGcgmR.png
miro.medium.com/max/822/ 356 KB
357 KB 473ms
473ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/822/0*J2y62UJX9dZGcgmR.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76ee6ad0111680e31571b1a0938970493c585218ed7e4b35febe9d193b407f75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 60
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 364916
cf-request-id: 09e985f88f000005d40d07c000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f6d9a0f05d4-FRA
expires: Sun, 06 Jun 2021 17:42:57 GMT

GET
H3-29 200 0*AfVsdz2TZBKfkmtC.png
miro.medium.com/max/1510/ 666 KB
667 KB 153ms
152ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1510/0*AfVsdz2TZBKfkmtC.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

915fe14a746a4c9536fa4973d206f8a47275ab43f8fd81d8d9180df81b8c2361

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 72
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 682311
cf-request-id: 09e985f888000005d41a0f7000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f6d9a2405d4-FRA
expires: Sun, 06 Jun 2021 17:42:57 GMT

POST
H2 200 /
morphuslabs.com/_/clientele/reports/performance/ 0
0 141ms
140ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://morphuslabs.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_96508b973a78; sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; optimizelyEndUserId=lo_96508b973a78; lightstep_guid/lite-web=351e98672b552c0a; lightstep_session_id=3cea95ba3e954faf
content-length: 194
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, clientele/main-20210429-142312-d58fea5c8a
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
morphuslabs.com/_/clientele/reports/performance/ 0
0 139ms
138ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://morphuslabs.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_96508b973a78; sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; optimizelyEndUserId=lo_96508b973a78; lightstep_guid/lite-web=351e98672b552c0a; lightstep_session_id=3cea95ba3e954faf
content-length: 221
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, clientele/main-20210429-142312-d58fea5c8a
x-envoy-upstream-service-time: 6
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 781
date: Fri, 07 May 2021 17:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 07 May 2021 19:29:56 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 208ms
61ms Script
text/javascript 65.9.73.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ea0a2061a30e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbd2df6e58f0812e9283321aac64b6c7ed5ebd0077e83432f2f819a0b034d2e9

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 6Cdh9NU1ON9cKNB2jBN_G0b4Tiu_S4Aj
content-encoding: gzip
last-modified: Thu, 04 Mar 2021 23:37:43 GMT
server: AmazonS3
age: 120
etag: "6cda0ef7387562b5cd0274e72d8814f4"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 e13e8f228afcbd0862f27c6ebd714879.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Fri, 07 May 2021 17:40:57 GMT
x-amz-cf-pop: AMS1-C1
content-length: 23796
x-amz-cf-id: -3E6IBAh7qVV8-NbTm0DRQdceYj_Ve2-i9LWnmfaJ_KRijI7VWQ26A==

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 525ms
130ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1620409377233&plid=85916068&idsite=medium.com&url=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&sref=&sts=1620409377229&slts=0&title=Guildma+malware+is+now+accessing+Facebook+and+YouTube+to+keep+up-to-date+%7C+by+Renato+Marinho+%7C+Morphus+Labs&date=Fri+May+07+2021+19%3A42%3A57+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=41879076&u=pid%3D84457a9955a384797fde8326ce2f2a33
Requested by: Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 17:42:57 GMT
Cache-Control: no-cache
Last-Modified: Friday, 07-May-2021 17:42:57 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 524ms
130ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1620409377237&plid=85916068&idsite=medium.com&url=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22viewerStatus%22%3A%22visitor%22%7D&sid=1&surl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&sref=&sts=1620409377229&slts=0&title=Guildma+malware+is+now+accessing+Facebook+and+YouTube+to+keep+up-to-date+%7C+by+Renato+Marinho+%7C+Morphus+Labs&date=Fri+May+07+2021+19%3A42%3A57+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&js=1&pvid=35793715&u=pid%3D84457a9955a384797fde8326ce2f2a33
Requested by: Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 17:42:57 GMT
Cache-Control: no-cache
Last-Modified: Friday, 07-May-2021 17:42:57 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=941003907&t=pageview&_s=1&dl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&ul=en-us&de=UTF-8&dt=Guildma%20malware%20is%20now%20accessing%20Facebook%20and%20YouTube%20to%20keep%20up-to-date%20%7C%20by%20Renato%20Marinho%20%7C%20Morphus%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2023887080&gjid=2099348858&cid=1199988601.1620409377&tid=UA-24232453-2&_gid=1048296211.1620409377&_r=1&_slc=1&z=1337032995

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 07 May 2021 17:42:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://morphuslabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 0*AfVsdz2TZBKfkmtC.png
miro.medium.com/max/700/ 151 KB
152 KB 169ms
168ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/0*AfVsdz2TZBKfkmtC.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0c93a2c9dac96222efb252e254b4ce78cdc56774895024defe3a10522a29ab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 154553
cf-request-id: 09e985fa4e000005d4048a0000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f707a4305d4-FRA
expires: Sun, 06 Jun 2021 17:42:57 GMT

GET
H2 200 _r Show response
app.link/ 90 B
564 B 525ms
490ms Script
text/javascript 2600:9000:2104:6000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.58.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:6000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

d37417bd62fc569942b2cc5a30e65e945628bfa06bb931c40dd7e07244b0d614

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
via: 1.1 317b3418459e7cb903a13afaecea9340.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 90
etag: W/"5a-mmW7KUea2KnoKQyJZgOdi1Idkew"
x-amz-cf-id: 4b7kzBYn-_IvykrWJEZG8IhDtU_blsF2Yk0pE8GDN3lZ7ZInA5Q-hg==

GET
H3-29 200 0*J2y62UJX9dZGcgmR.png
miro.medium.com/max/700/ 278 KB
279 KB 138ms
138ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/0*J2y62UJX9dZGcgmR.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae14c06729d5d119566bcbc16721f8f6dee7e4916b64bede370121036aed0080

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 76
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 284601
cf-request-id: 09e985fb24000005d411852000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210505-193941-b3d1e33e7e
accept-ranges: bytes
cf-ray: 64bc3f71ddf905d4-FRA
expires: Sun, 06 Jun 2021 17:42:57 GMT

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
524 B 424ms
123ms XHR
application/json 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f4aede06f985bb52963e06332863da7bb8d0b6a1a54fb604616d9bc5fe54aba

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
x-envoy-upstream-service-time: 0
access-control-allow-methods: POST
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e985fd0000000746acb26000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jcU3bhluTX8O3KgODQWpUdZma94hYb%2BcfgsmCsxZ5YhzKPu%2Fec3%2Bm2rBhuXScsb5SOvpUVJcBdUklpG4P59lS%2BMA1c%2FBoNmnMlUslmm4kyiMEJCtPXUgJsRJ5d958TEv2w1q2S8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 64bc3f74ceae0746-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 156ms
132ms Preflight 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 07 May 2021 17:42:57 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 09e985fb4f00000746ca03a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X9YyPjgTOMtgVYzDvfbn4zzkopNItKTSoboD5WlqqIz3ClCDs7J%2BTMaC%2BkwFrbZeHizKxDaXoT3WM0uos1TnC%2FEdscUwqqdl2h4CuSO%2FUDr8HUjfuIriPH%2BChH3sEotiEMfMLhE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 64bc3f721df60746-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
625 B 219ms
187ms XHR
application/json 2600:9000:2104:c200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:c200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3153f3eac248b015e2147ad97ce4c785d6a6e7caa09446c3fb651eab962e251e

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 6df74e7640424346896e6486b8c9dc03-2021050717
content-length: 312
x-amz-cf-id: WpOHiMqtioR15B0IChBoWlhmpjX8bLZ3Oi7a0KghEcQ_qQDJhUghcw==

OPTIONS
H/1.1 200
OK log
errors.client.optimizely.com/ 0
0 665ms
134ms Preflight
text/plain 52.200.208.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Server: 52.200.208.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-208-53.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://morphuslabs.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Fri, 07 May 2021 17:42:58 GMT
Content-Length: 13
Connection: keep-alive

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
241 B 134ms
134ms XHR
text/plain 52.200.208.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16180790160.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.208.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-208-53.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://morphuslabs.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Fri, 07 May 2021 17:42:58 GMT
Content-Type: text/plain

POST
H2 200 /
morphuslabs.com/_/clientele/reports/performance/ 0
0 141ms
141ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://morphuslabs.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_96508b973a78; sid=1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx; optimizelyEndUserId=lo_96508b973a78; lightstep_guid/lite-web=351e98672b552c0a; lightstep_session_id=3cea95ba3e954faf; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9%22%2C%22sref%22:%22%22%2C%22sts%22:1620409377229%2C%22slts%22:0}; _parsely_visitor={%22id%22:%22pid=84457a9955a384797fde8326ce2f2a33%22%2C%22session_count%22:1%2C%22last_session_ts%22:1620409377229}; _ga=GA1.2.1199988601.1620409377; _gid=GA1.2.1048296211.1620409377; _gat=1
content-length: 1441
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86, clientele/main-20210429-142312-d58fea5c8a
x-envoy-upstream-service-time: 6
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
561 B 240ms
240ms XHR
application/json 2600:9000:2104:c200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:c200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

d458ecfac2380d7769d616706c426d1842d8bd3580630177e9aa75a83d5aa1c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"b4-Deo0QvWBk1cNM5Ma0AC2fOKYalc"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 5655927dfca84bf3b251043f83106159-2021050717
content-length: 180
x-amz-cf-id: L7luldHPBVatP301JofL15UYz_-e3pgDuqRqmwhamC5RiZ6xay0f3Q==

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 137ms
137ms Fetch
application/json 2600:1f18:24e6:b901:69e5:7deb:1a84:7339
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:69e5:7deb:1a84:7339 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 07 May 2021 17:42:58 GMT
content-length: 2
content-type: application/json

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ 0
0 292ms
95ms Preflight 2600:1f18:24e6:b901:69e5:7deb:1a84:7339
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b901:69e5:7deb:1a84:7339 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
387 B 190ms
189ms XHR
application/json 2600:9000:2104:c200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:c200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 654afbe6c565442ca15e684d7257e550-2021050717
content-length: 28
x-amz-cf-id: 6qy3CTUmwgx9bOg72hcfwdhEMH8EIao4BANYYVFu3ZKy98hKvYgi9Q==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
507 B 438ms
137ms XHR
application/json 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2738dadebf2447b4591913b08d27146e271c22cfb7401e10ba908f45ad8d60a

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:42:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
x-envoy-upstream-service-time: 0
access-control-allow-methods: POST
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e986017100000746bd1cc000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6vqswFbT0F6tk%2Fo3PEY%2FGUVuwQfIT1g3GvSv97NAOuA5TY97TzyRcjdvHnd3icTc3uIooiYlwLxBoyQnLiCD94GayRNkUlPN8NTrLGk0o7ey4WWPE9q8JtQdmrzbp7rWRSVn%2F4I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 64bc3f7beb570746-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 432ms
131ms Preflight 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 09e985ffc00000074672161000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pVhm9HVvH1WRHnQHHGSxeZ2aXdc8OqjR3ABHLMtPR252YhmlhszybvvXo2uuMfAWhjzZP0sH01XhJF0vND4AMNyV324wySJEUKvJNwswUwrYo69krYUBhyquuGPgd2VXIF3q5hw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 64bc3f793b300746-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
387 B 217ms
217ms XHR
application/json 2600:9000:2104:c200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:c200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 07 May 2021 17:42:58 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 3f2a2a79f6554e769900150298232e4d-2021050717
content-length: 28
x-amz-cf-id: _qx3BMBr-UZvhbOOp2Tpm8z1DqD9bkaJzXRZeDompgD9EjifkAiR4A==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
511 B 429ms
128ms XHR
application/json 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b63f075319ebe5881f96ada08222057766d394b9680c2f488924ea0855bb8fd

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:43:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
x-envoy-upstream-service-time: 7
access-control-allow-methods: POST
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e98604ce00000746e3375000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CjF5bTeXh9r9AtNSazlpjDtT%2BHopTfknjwTKUAIIZKAuY8WZh4i22Vglfdqz2qWjTJ4iocS8prmdKnKx%2But%2FTamR%2B1tpGAujSvDiq3njNqV%2BSe7Eu2jk1K9juE2diTfT%2BeaKU4E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 64bc3f814b220746-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 149ms
148ms Preflight 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 07 May 2021 17:42:59 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 09e986030c0000074697216000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sf419R4DfG6ja691AwC%2B2%2FqV8T3lSynavwHZ60sJhtcSTqQI25juYbE3JZrZ2xRgbJ73TMk9byBxijyHB21guC9DVHhboRHX0VMDoaN4SgHJZOQYzizpGpY2FBuzlKtv%2FlomzsQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 64bc3f7e7aa70746-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 436ms
135ms Preflight 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 07 May 2021 17:43:00 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 09e98607cb00000746a236d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rN7QxrmpCOCZe0RCeu4k9osSp%2FSdevnLRGv5mPlNjeJLN02FlwlbOCVvSP%2F0yzjOtiS2fCrln6mrdVUqu%2FcAFNcoxJSWkFrQd%2F3HGC9%2FL7w5M6ZL9%2BATPcHefhUBB4CC6ziczws%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 64bc3f8619ac0746-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
522 B 420ms
120ms XHR
application/json 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4455fd191938996aa951fdcd409cdc404dd58cf04a575e0d183b8c937d89b8e

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:43:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
x-envoy-upstream-service-time: 0
access-control-allow-methods: POST
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e986097f000007469fa97000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VMX3qo4Bcf2YqxarcQsBW94W1kvrH4yp8U8%2FYuBkZ6OJfWBtPBKsgjeAjCMvOGUMXhK40zsodB0YfbyR16VkD9ApM9qVYcdtN41QT%2FlPVAZG5yebq5jhYkcj9hUPGIxvK%2Bt4ZOU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 64bc3f88c8fd0746-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type

POST
H2 200 batch Show response
morphuslabs.com/_/ 17 B
246 B 302ms
301ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

sec-fetch-mode: cors
origin: https://morphuslabs.com
x-xsrf-token: 1
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
content-length: 5617
:path: /_/batch
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: morphuslabs.com
referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Fri, 07 May 2021 17:43:01 GMT
sepia-upstream: medium
server: nginx
content-type: application/json
medium-fulfilled-by: valencia/main-20210507-092505-443f529a86
x-envoy-upstream-service-time: 158
set-cookie: uid=lo_8dfbc2ebd4be; Path=/; Expires=Sat, 07 May 2022 17:43:01 GMT; HttpOnly; Secure
content-length: 17

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 179ms
179ms Preflight 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 07 May 2021 17:43:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 09e98614400000074699a3a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6NfnlgnJF%2Bp9L8nRG47h4MzYKhJEMy8UrW1HX2vnf6K3A%2FG75pYBkxqyF0WUm8%2BtPODF3Lz3ldxKJVMgKIqp%2B8mu72ubT%2FdXo%2BSBlfoejIX0cyykzybquIo2261CFAKkzbgTAAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 64bc3f9a0b190746-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
377 B 133ms
133ms XHR
application/json 2606:4700:e2::ac40:8b24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8b24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 009aa2ae5b241dd88ac6dcec26619e6c371c4ef739a0b0ad7dca5a742989ab90

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 May 2021 17:43:04 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
x-envoy-upstream-service-time: 0
access-control-allow-methods: POST
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e98614f700000746eda31000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B%2FCUgda7f3u%2Fyqe4hn6YRnk%2BE0%2F%2Bqp5JLE1lD%2F3cpRX%2FvChcaZTSOmSXhm%2BEs9IomXpPc9QkeqGaML4815Rs59AHhCZXHerYDQnYsKdY0mIm%2BqhucAs2WQ9TtdQ1vJ7tfKh6bT0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 64bc3f9b2e530746-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.morphuslabs.com/	1970-01-19 18:06:49	Name: _gat Value: 1
.morphuslabs.com/	1970-01-19 18:08:15	Name: _gid Value: GA1.2.1048296211.1620409377
.morphuslabs.com/	1970-01-20 11:38:01	Name: _ga Value: GA1.2.1199988601.1620409377
.morphuslabs.com/	1970-01-19 18:06:51	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9%22%2C%22sref%22:%22%22%2C%22sts%22:1620409377229%2C%22slts%22:0}
morphuslabs.com/	1970-01-19 18:16:54	Name: lightstep_guid/lite-web Value: 351e98672b552c0a
morphuslabs.com/	1970-01-19 18:16:54	Name: lightstep_session_id Value: 3cea95ba3e954faf
morphuslabs.com/	1970-01-20 02:52:25	Name: optimizelyEndUserId Value: lo_96508b973a78
morphuslabs.com/	1970-01-20 02:52:25	Name: sid Value: 1:DTh5dUmhimBlrNn9VMNVTdZrp+I+svJSZeaAILiJ1voO8o04GWpwcFFvHUdYvjcx
.morphuslabs.com/	1970-01-20 03:36:13	Name: _parsely_visitor Value: {%22id%22:%22pid=84457a9955a384797fde8326ce2f2a33%22%2C%22session_count%22:1%2C%22last_session_ts%22:1620409377229}
morphuslabs.com/	1970-01-20 02:52:25	Name: uid Value: lo_96508b973a78

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js(Line 1) Message: ... .,ok000Oxc. 'oxo, .' ,kWMMMMMMMMXo;. ;KMWMX: lK, ,0MMMMMMMMMMMWNd'xMMMMMO;xWl lWMMMMMMMMMMMMM0lOMMMMMKoOMo cNMMMMMMMMMMMMMk:OMMMMM0lkWl .dNMMMMMMMMMMKx; lWMMMWd.dN: ;kXWMMMMWKd' .oXWXx. ;o. .;ccc:,. .,.
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.f0906392.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
d1z2jf7jlzjs58.cloudfront.net
errors.client.optimizely.com
glyph.medium.com
lightstep.medium.systems
medium.com
miro.medium.com
morphuslabs.com
p1.parsely.com
www.google-analytics.com
143.204.101.50
2600:1f18:24e6:b901:69e5:7deb:1a84:7339
2600:9000:2104:6000:19:9934:6a80:93a1
2600:9000:2104:c200:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700:e2::ac40:8b24
2a00:1450:4001:80e::200e
2a02:26f0:6c00:2a0::13b8
52.0.16.118
52.200.208.53
52.205.167.202
65.9.73.67
009923faab2dff7b6c1aeed93de33f07f555a22eff57076530f9e68f3dc378e0
009aa2ae5b241dd88ac6dcec26619e6c371c4ef739a0b0ad7dca5a742989ab90
015c2c44e8e395216375e746d3125b1feac4cc9d6beddeb4fb909767dca584bd
0297ecee7cd3d457a617fb2bbf695901f2dcb7ec0a75834d8f9d04d9f0c98ae0
064e223d4a2519736ea857accce451e86889c9e0e056d01cdfb515fed128e853
065dca031654dd287e2aab6008b50fb40111247043b3c2599b9b10903e40d9bd
07097afa2112f890582862780e51240b956a99f50f88379f4c6052ee0e53c812
083dbe4c8a656c48931cea871be647dba79584764dfccdacca8088a10c73df4f
0b4a6ee70f280e752cfeea9d8ebd4d75b338ce88ff12f20e198a444250bf52a9
0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107
133ed550dddc1b952f90522ba29312935ec3c51cb2102c97402f20927c225a6c
15ee3ba370b6e19ffab24ef8aa9582c8222aa08c735ea041b720e7f523e8eb35
185c05e9357edaa686b42c77cfffa8b2ef48fee538121e84a34a9f2a6d4ef6d2
188d4ab1c1485ca3ff3c343f6ad81e5b9b025b94607188c8d0e5e81d29597e47
18c58e9ffeeeb5252d8f3170aec98c387d3be45775bbde1616db548d0a698366
2238d30029da71fab3a03236eca9f9c0260627d5a8220025b2e6f417fb0d4b8e
22b22085d461bc9010931dbf9a3d86a769dd8c6bd17bbe62f666c69d7aebc5b4
23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7
2487264e6d31a3796f975cfbf0289e5ef0256d3cea8d9e5a4483eeac09f688bc
260f0ab107ecb83701c72c34441f89657c036c76c1d038c43b31d250f9183e36
29d2b25d22c273ab1dad31cad38757374cad5768e57a594f2538e67dd030c3ff
2c1619c4620c9c56b460a072f356c192686176de8861f586eb116e8f57316665
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cfcce543fee5c13270c5b5fc977d97627e7c3e007897932c2bd8c4ad54f0675
2fd138d78e135bd0cff2a37a0b88f30cce29bc66a813a67192568ee57c1c6bcd
3153f3eac248b015e2147ad97ce4c785d6a6e7caa09446c3fb651eab962e251e
3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0
3791f3ddaf70def83b4b5e888e85c448ec0a681e5d9f7b983c5b30c35a09cf53
37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55
3d44331aa64c2bd076884c28002e7ab8f731e0c89e68e7a1a1cbd920db165054
41af3fc4dd15d2e6e273aca0177f9b0d31a240987f6aedf2c174e1963ba34a2d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
456440518b26baf30262e01a9922d85024bd36e74060e18f9965f574f7e8f14d
4ad3dd722269bdb661c9d824bed1d66bfd52646f73b9f1cac1c27fa4c64ea9b3
4f8aaf9910f854e3e44e2f2901d2505ed639bfab9b435468383b97c7db34bb8d
503eac93673838c7a8dae99c5c04b5df31ea90a198599754abf1aed6c06b4eb6
50eeaefe9e94677d3c8504498cd28748422d9555864e6215527853cc4eb91514
55b18f385c40f0447b76d62f8026eeb2c78325d5c2041ac051d2b978d25bc92e
5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
5b63f075319ebe5881f96ada08222057766d394b9680c2f488924ea0855bb8fd
5f4aede06f985bb52963e06332863da7bb8d0b6a1a54fb604616d9bc5fe54aba
61df1c691c169e5eee23e389d4746fd846ffc7746356cba2e924d83445181a15
6362dd7cdd1e29cc8dee8acbf8950a64814508d7df74fa15f21df9f8b0672ab6
68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359
685ebea4a8c71de75cf3b4f8c51d8ca871eb2edfbe2b5ae36c2becd2b22c4629
6b620429ac05f49cf1c59b1d24593fc3d396a79b7fe2bdb41f82fdcf94c3c6ac
6fefca2e39b0c80d4d1c9b40a41787df0f738a85ff142e5295f17b2e96711ad3
7161183af4a0e2f26511e6f198029e66cf60dd2cb404083f566b1eeafded9e07
7223a4301655bc2f5cd603761b8e9b5fe465c767303e4c5ae9da072a60f73421
72ba43a3896f549ba6bf0f6360a9e4b3fec053d459f25b3e356096f43d1b75c8
76ee6ad0111680e31571b1a0938970493c585218ed7e4b35febe9d193b407f75
78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee
8162859bac88f83ac959059d26394ef030ba8c2928131fdd1e7e96d12f084b11
83b3a7d19901dce2225b8169547dd978156fd24081c6ec04b85ddd1989d02bc7
8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b
8b0e43cace16a8f48acbc0e9fba8359a08a75478a34a19891e67d85c13384aef
8c770f5838712c53206a0f6a475abb14883d82a1e118476171c7a3facf96f080
8c9685f66425f68dc25f5d210863f079b8ec71cdaa37ce8940dfc44e4ba0f3d2
915fe14a746a4c9536fa4973d206f8a47275ab43f8fd81d8d9180df81b8c2361
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
96876c40ac46caa83507ee4533dbbe643f438c9784e71c0fbf9086eb63dfa831
97bc159f0904ccbe8ca7ad1066fc157f214db01fac8f21692b1684087bd75ed3
99b72261d020e356b976b981f86d64b88f37f21b74c0a08fe7bd8add0e86c638
9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16
9c2d0f345f48da7eae159fb1c8240d2fbd8970db20383bc14f39af4436e56238
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a3695c793f84437b6ce7449b32852ab3646946c4f9aef80655364fe1ca5b03a6
a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d
a6d44b945ceab10c91046a1470b5876d5b838b1ac2b4af771202d8ff293a7007
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ac0c9a230e4aa480f06828696576bc94f2ea5dc932e66e98dfc47743e4b269ac
ad6c3ad092cea759f505d1ea15a3b0b2da672875f848244ddc50bcee827c426a
ad7e9dca0e8be1c4cb8efb4d39696d4af8928b6c1c81250d65d518d4c32a790a
ae14c06729d5d119566bcbc16721f8f6dee7e4916b64bede370121036aed0080
bbd2df6e58f0812e9283321aac64b6c7ed5ebd0077e83432f2f819a0b034d2e9
befc42916da44b486990e11816ecae723983b947620cb4a205276c7d4b9dfa59
c0c93a2c9dac96222efb252e254b4ce78cdc56774895024defe3a10522a29ab3
c2a446856aff8e0934a0d009a4a13311e324756bd4e478d1727cd3e4e87464ba
c673231e214aaad2f30eace7b4ce3aaf4476d8cfdebb1555132169864ec1ec17
c8bd158739cdd140f254aab1414e473319f03fa698b9ef2290f5864c7e68b043
c9fa9e9541ec1402c1518308c44d233f1d7b4614886976cfdda2eef7bf7cbab9
cd62a699d7609de1c34d4440c9efb41fe3e88d1714915cecf76a77d6956332c3
ced0a22eda6ef8a9deb59b17ec8cefb792343a5d38ecde9534698786d42f6d3b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cff896eba3c403eabd6e84b5ff4edeba11b246affd828f13e52bd13bda839d18
d37417bd62fc569942b2cc5a30e65e945628bfa06bb931c40dd7e07244b0d614
d4455fd191938996aa951fdcd409cdc404dd58cf04a575e0d183b8c937d89b8e
d458ecfac2380d7769d616706c426d1842d8bd3580630177e9aa75a83d5aa1c4
dc67f265011a1c47298ea7d976f4e1bcbbdb10aecf52d1f58ced18bbbc910a60
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c257a59cc13d2b7b274694e7e73307f693ad68f16c8842d057ad5bc3274be6
e469b68ffc292560e6cb3ecc248c3433fc767cd1da76071575f66b43311529e8
e6334ed1b6ae353a78f3473f3851900b98439a17456c162b089924c4d6ceb65a
e8f4608d5f344ecec49c7d24c21d84967251827e24567599214a8f07fcd21921
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
ed6e59ed9a53ee0d74414a46bc7544daafbe33b8b02085074475e4f3141f4abe
eddff416a7dac40284d0c2e167969f4b1a7f93e779fa175c47b5f71236af3e2e
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f2738dadebf2447b4591913b08d27146e271c22cfb7401e10ba908f45ad8d60a
f3599c674279fdc7ba6690f00ccc339aee2737ba41384133f07980c26fa82972
f3f8703a7b9376bdee2b8d2c841bebfa48e1630b18f3d3f2c5a05ab56201d322
fcbd409808227af2d9c3207f81a629f169cf23071af4687884d7b3d769d09613
fe41c04896df909954b6d10420ba301a384b9997a99aacb41bab3866f33078a8
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

morphuslabs.com Open in urlscan Pro 52.0.16.118 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

118 Requests

100 %HTTPS

62 %IPv6

10 Domains

15 Subdomains

13 IPs

2 Countries

2819 kBTransfer

4883 kBSize

10 Cookies

51 Outgoing links

Page URL History

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

morphuslabs.com Open in urlscan Pro
52.0.16.118 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

100 %
HTTPS

62 %
IPv6

10
Domains

15
Subdomains

13
IPs

2
Countries

2819 kB
Transfer

4883 kB
Size

10
Cookies

118 HTTP transactions
0 data transactions