labs.guard.io Open in urlscan Pro
162.159.152.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae7...
Effective URL:
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae7...
Submission: On March 09 via manual (March 9th 2023, 3:59:11 am UTC) from PE — Scanned from DE

Summary HTTP 98 Redirects Links 66 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 98 HTTP transactions. The main IP is 162.159.152.4, located in and belongs to CLOUDFLARENET, US. The main domain is labs.guard.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 14th 2022. Valid for: a year.

This is the only time labs.guard.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	162.159.152.4 162.159.152.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 66	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:802::200e	15169 (GOOGLE) (GOOGLE)
1	108.138.17.81 108.138.17.81	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:230... 2600:9000:2304:e000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:249... 2600:9000:2491:4e00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
98	9

17 162.159.152.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

labs.guard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

66 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:802::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-81.fra56.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2304:e000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2491:4e00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 10731 glyph.medium.com — Cisco Umbrella Rank: 21430 cdn-client.medium.com — Cisco Umbrella Rank: 22504 miro.medium.com — Cisco Umbrella Rank: 16529	2 MB
17	guard.io 1 redirects labs.guard.io	54 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 980 api2.branch.io — Cisco Umbrella Rank: 670	24 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 24	20 KB
1	app.link app.link — Cisco Umbrella Rank: 2168	634 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 880	6 KB
98	6

	Domain	Requested by
48	cdn-client.medium.com	labs.guard.io cdn-client.medium.com
17	labs.guard.io	1 redirects cdn-client.medium.com
16	miro.medium.com	labs.guard.io
8	glyph.medium.com	labs.guard.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
2	www.google-analytics.com	labs.guard.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	labs.guard.io
1	static.cloudflareinsights.com	labs.guard.io
1	medium.com	1 redirects
98	10

This site contains links to these domains. Also see Links.

Domain
rsci.app.link
medium.com
www.linkedin.com
www.guard.io
www.bleepingcomputer.com
www.virustotal.com
www.msi.com
gist.github.com
help.medium.com
policy.medium.com
itunes.apple.com
play.google.com
guard.io
benulansey.medium.com
dariusforoux.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
speechify.com

Subject Issuer	Validity	Valid
labs.guard.io Cloudflare Inc ECC CA-3	`2022-11-14` - `2023-11-13`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.branch.io Amazon RSA 2048 M01	`2023-02-21` - `2023-11-09`	9 months	crt.sh
appipv4.link Amazon RSA 2048 M01	`2023-02-24` - `2023-06-23`	4 months	crt.sh

This page contains 1 frames:

Primary Page: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
Frame ID: E74370296C21B21256A2C2749C7C4382
Requests: 98 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets | by Guardio | Medium

Page URL History Show full URLs

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-orga... HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-goo... HTTP 307
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-orga... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

98
Requests

99 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1871 kB
Transfer

3979 kB
Size

11
Cookies

66 Outgoing links

These are links going to different origins than the main page.

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F42ae73ee8a1e&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderUser&source=---two_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign up

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---two_column_layout_nav-----------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/search?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6a038e71ff0f&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&user=Guardio&userId=6a038e71ff0f&source=post_page-6a038e71ff0f----42ae73ee8a1e---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F42ae73ee8a1e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/natital/
Title: Nati Tal

Search URL Search Domain Scan URL

URL: http://www.guard.io/
Title: Guardio Labs

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/fbi-warns-of-search-engine-ads-pushing-malware-phishing/
Title: raised eyebrows in the FBI

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3baf692a1589355af206f4e3886a09fe8997f0b62c78c1403556285eaba40e94/detection
Title: https://www.virustotal.com/gui/file/3baf692a1589355af206f4e3886a09fe8997f0b62c78c1403556285eaba40e94/detection

Search URL Search Domain Scan URL

URL: https://www.msi.com/Landing/afterburner/graphics-cards
Title: MSI Afterburner

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/fake-msi-afterburner-targets-windows-gamers-with-miners-info-stealers/
Title: was noticed by researchers

Search URL Search Domain Scan URL

URL: https://gist.github.com/guardiolabs/2178c54367d20b0655b5cc5e9d297760
Title: https://gist.github.com/guardiolabs/2178c54367d20b0655b5cc5e9d297760

Search URL Search Domain Scan URL

URL: https://gist.github.com/guardiolabs/7f46d1adda8b0c08e76f23d9fab27fe9
Title: https://gist.github.com/guardiolabs/7f46d1adda8b0c08e76f23d9fab27fe9

Search URL Search Domain Scan URL

URL: https://medium.com/tag/malvertising?source=post_page-----42ae73ee8a1e---------------malvertising-----------------
Title: Malvertising

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecurity?source=post_page-----42ae73ee8a1e---------------cybersecurity-----------------
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://medium.com/tag/safe-browsing?source=post_page-----42ae73ee8a1e---------------safe_browsing-----------------
Title: Safe Browsing

Search URL Search Domain Scan URL

URL: https://medium.com/tag/google-ads?source=post_page-----42ae73ee8a1e---------------google_ads-----------------
Title: Google Ads

Search URL Search Domain Scan URL

URL: https://medium.com/tag/malware?source=post_page-----42ae73ee8a1e---------------malware-----------------
Title: Malware

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F42ae73ee8a1e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&user=Guardio&userId=6a038e71ff0f&source=-----42ae73ee8a1e---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6a038e71ff0f%2F42ae73ee8a1e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&user=Guardio&userId=6a038e71ff0f&source=post_page-6a038e71ff0f----42ae73ee8a1e---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Ff776b280f31b&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&newsletterV3=6a038e71ff0f&newsletterV3Id=f776b280f31b&user=Guardio&userId=6a038e71ff0f&source=-----42ae73ee8a1e---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/crypto-scam?source=author_recirc-----42ae73ee8a1e---------------crypto_scam-----------------
Title: Crypto Scam

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F730944bbbfe6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fstreamjacking-hijacking-hundreds-of-youtube-channels-per-day-propagating-elon-musk-branded-730944bbbfe6&source=-----42ae73ee8a1e----0-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page_footer_cta_write-------------------------------------
Title: Write on Medium

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cyber?source=author_recirc-----42ae73ee8a1e---------------cyber-----------------
Title: Cyber

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F9a9a459b5849&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fdormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849&source=-----42ae73ee8a1e----1-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecurity?source=author_recirc-----42ae73ee8a1e---------------cybersecurity-----------------
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd965fc84c179&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Foh-rats-how-guardio-found-a-way-to-detect-the-nastiest-of-scams-d965fc84c179&source=-----42ae73ee8a1e----2-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/metamask?source=author_recirc-----42ae73ee8a1e---------------metamask-----------------
Title: Metamask

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7edb5b56a108&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fhow-to-lose-all-your-money-in-the-meta-verse-before-even-getting-started-7edb5b56a108&source=-----42ae73ee8a1e----3-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/malware-analysis?source=author_recirc-----42ae73ee8a1e---------------malware_analysis-----------------
Title: Malware Analysis

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F2496af43b89a&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fisotonic-2-the-army-of-bots-2496af43b89a&source=-----42ae73ee8a1e----4-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----42ae73ee8a1e--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----42ae73ee8a1e--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----42ae73ee8a1e--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----42ae73ee8a1e--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----42ae73ee8a1e--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----42ae73ee8a1e--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----42ae73ee8a1e--------------------------------

Search URL Search Domain Scan URL

URL: https://guard.io/
Title: https://guard.io

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6a038e71ff0f&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&user=Guardio&userId=6a038e71ff0f&source=post_page-6a038e71ff0f--two_column_layout_sidebar-----------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Ff776b280f31b&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&newsletterV3=6a038e71ff0f&newsletterV3Id=f776b280f31b&user=Guardio&userId=6a038e71ff0f&source=---two_column_layout_sidebar-----------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://benulansey.medium.com/?source=read_next_recirc---two_column_layout_sidebar------0---------------------180769cf_bd81_41be_9392_2a895180e316-------

Search URL Search Domain Scan URL

URL: https://medium.com/the-pub?source=read_next_recirc---two_column_layout_sidebar------0---------------------180769cf_bd81_41be_9392_2a895180e316-------
Title: The Pub

Search URL Search Domain Scan URL

URL: https://benulansey.medium.com/artificial-intelligence-pornography-and-a-brave-new-world-6a66bbd483bb?source=read_next_recirc---two_column_layout_sidebar------0---------------------180769cf_bd81_41be_9392_2a895180e316-------
Title: Artificial Intelligence, Pornography and a Brave New World

Search URL Search Domain Scan URL

URL: https://medium.com/@rfeers?source=read_next_recirc---two_column_layout_sidebar------1---------------------180769cf_bd81_41be_9392_2a895180e316-------

Search URL Search Domain Scan URL

URL: https://medium.com/geekculture?source=read_next_recirc---two_column_layout_sidebar------1---------------------180769cf_bd81_41be_9392_2a895180e316-------
Title: Geek Culture

Search URL Search Domain Scan URL

URL: https://medium.com/@rfeers/6-chatgpt-mind-blowing-extensions-to-use-it-anywhere-db6638640ec7?source=read_next_recirc---two_column_layout_sidebar------1---------------------180769cf_bd81_41be_9392_2a895180e316-------
Title: 6 ChatGPT mind-blowing extensions to use it anywhere

Search URL Search Domain Scan URL

URL: https://medium.com/@free-thinker?source=read_next_recirc---two_column_layout_sidebar------2---------------------180769cf_bd81_41be_9392_2a895180e316-------

Search URL Search Domain Scan URL

URL: https://medium.com/@free-thinker/forget-chatgpt-you-will-not-regret-using-these-ai-tools-in-2023-7c2a39cc4901?source=read_next_recirc---two_column_layout_sidebar------2---------------------180769cf_bd81_41be_9392_2a895180e316-------
Title: Forget ChatGPT; You will not regret using these AI tools in 2023.

Search URL Search Domain Scan URL

URL: https://dariusforoux.medium.com/?source=read_next_recirc---two_column_layout_sidebar------3---------------------180769cf_bd81_41be_9392_2a895180e316-------

Search URL Search Domain Scan URL

URL: https://dariusforoux.medium.com/save-20-hours-a-week-by-removing-these-4-useless-things-in-your-life-c0d831b09a3a?source=read_next_recirc---two_column_layout_sidebar------3---------------------180769cf_bd81_41be_9392_2a895180e316-------
Title: Save 20 Hours a Week By Removing These 4 Useless Things In Your Life

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=---two_column_layout_sidebar----------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=---two_column_layout_sidebar----------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=---two_column_layout_sidebar----------------------------------
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=---two_column_layout_sidebar----------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=---two_column_layout_sidebar----------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=---two_column_layout_sidebar----------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=---two_column_layout_sidebar----------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=---two_column_layout_sidebar----------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=---two_column_layout_sidebar----------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e HTTP 307
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

98 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e Show response
labs.guard.io/
Redirect Chain

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

198 KB
42 KB

606ms
606ms

Document
text/html

162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21f4cb2a43be5660b06493f50a488b7e115036678f4ebb706d53b9527b3d39a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7a5067362cd068f5-FRA
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Thu, 09 Mar 2023 03:59:05 GMT
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, lite/main-20230308-174848-2c85aa2dad, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
medium-missing-time: 497
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 443
x-request-received-at: 1678334344753

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7a5067352f15929b-FRA
content-length: 0
content-type: text/plain;charset=UTF-8
date: Thu, 09 Mar 2023 03:59:04 GMT
location: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 14

GET
H2 200 unbound.css
glyph.medium.com/css/ 18 KB
1 KB 89ms
67ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2868
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673a4a86929b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Mar 2023 05:59:05 GMT

GET
H2 200 manifest.6948e88f.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
6 KB 66ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.6948e88f.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40359356bbc76c936e0b699ec9b31188e2e07953d7765b53f07896a7be32f9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: aVTFXwuzmhic95LAFehca40UMlrzln0S
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NQXD9S57NYTJPZ3A
age: 38005
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: N9arss/MKoyYfeChvezKi7aio/Voy1xv1yr/kqFcLzpmD7fDYwy70mGVTSbDRu4qkdDLg0O7dvM=
last-modified: Wed, 08 Mar 2023 16:16:08 GMT
server: cloudflare
etag: W/"af6e9be431ddba47bd0aa77b0c3e91b8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a41929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6963.e798ee94.js Show response
cdn-client.medium.com/lite/static/js/ 761 KB
230 KB 66ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19e170e5b154c37b3979be7ed58c5e304f3b70e683adc5289d342bba9fd84292

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: XgSuO4ZOfEB9shyqsTrT4lMlnhMEF9.d
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3DFKXBG750J1RR
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JF9p/d/lXLLlUxKa/nmw18COjfFzHiYtQmPBXBHzR1NeNcAIFwRxL7EWXADZZ4SN7VUNhHgXRaY=
last-modified: Fri, 03 Mar 2023 20:16:00 GMT
server: cloudflare
etag: W/"7b65d38531b28c3db8af2e2a38cb3465"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a43929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 main.90bea55a.js Show response
cdn-client.medium.com/lite/static/js/ 727 KB
178 KB 44ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.90bea55a.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f08a022587c357232656c5a2c60047f9ea9bec647c02f51eb115533e1bb1c92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 5hJKCeHfOmyN8LgMXlWD.5j0Sx3GRtoO
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NQXA71NT0YD52PSC
age: 38004
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: odkRTAbOaHaTKkmdybDzcu3H/lINVCQcaDrgUQOHXvwV5GCSIY6/QdY8WvZyoo2C6wlbWNKqf/0=
last-modified: Wed, 08 Mar 2023 16:15:58 GMT
server: cloudflare
etag: W/"6fc0e245226d3a2ed5574ad544a751b0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a44929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 instrumentation.c71f0248.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 42ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.c71f0248.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 5yZx.RXNRFD2wk5kW8slm2OPTbsuZqQM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DN80NP6MC45XWT2W
age: 1074776
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XL/2Jb9u14qm8cCj//wgdYe0Ggn1t1G4gX21uBRkpd82xhiecCSbOyioU4BrWRYiv2q6edekGpo=
last-modified: Wed, 07 Sep 2022 22:21:02 GMT
server: cloudflare
etag: W/"1c4019035217766e8fa41b4d396c90c0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a42929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 reporting.bbdcaa9d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
973 B 61ms
49ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.bbdcaa9d.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: hDbV.8OiTMB.Vn8rqDBCJ.dxBb4bMoaR
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2R4YTKBCDDS6HF3J
age: 861990
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hpLJFwZLVe3kLMmVyN1xu6SbW8NO3o//weOaZ5BXpjjUY6yHS7cvPj69YBWyN1dhbN/YbQe1UB4=
last-modified: Fri, 01 Jul 2022 00:11:40 GMT
server: cloudflare
etag: W/"72bc359fe3377069bd162b3be6ed3d05"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a40929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 5642.192d1a6b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 87ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5642.192d1a6b.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2f341c1673182be9a942b7aa6a93170a8a5acd0bb8b64cdf84284a82aec9f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: n_n7rXjwBx8NdAHNAXgtfapQkzy61MR_
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3C9R4NXB5PQAB0
age: 205842
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tb2ovLSg7YWecAU+9/d0wjxl60CccWYCIXvjT5FXzuoo0pSlXkePfUh+rsoVaRvnGCqmJ913NHM=
last-modified: Fri, 03 Mar 2023 20:15:58 GMT
server: cloudflare
etag: W/"2537e7a2434ef295d9ad5d9a6841e8d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a75929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 799.361fd2fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 30 KB
13 KB 83ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/799.361fd2fb.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03339318237f203c39972793a5232b2c94f3ea7a2c814641ae62660d8dd6e02b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: QMhsOw..2z7t_WH9w.ZD6x4nreWG.vQr
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG33HRZ7DN7FBY2W
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JKaC1fn4iEDQS+SX7HMP5xGUVhmcDNQ9Cn4YrY0Sl/YORAv8Dp0FrFoMP3GMpoaYgZuLl5TdcGQ=
last-modified: Fri, 03 Mar 2023 20:16:01 GMT
server: cloudflare
etag: W/"3064a40f043f886dcc4f589b5706495b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a68929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1860.abea291f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 61ms
50ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1860.abea291f.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6173a1b363b6bffdf4ec8d533f260644b17cc6f8a747f2d4f529795a3cdf0c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: uS1tfjVEi120fx7YYvwb1tmcC69xBC_N
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CKH6YE43QJ55AQA6
age: 204800
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Q2BPbM1yg27+tTLenM0rnN6OFZaeLeGLVxQ+u+6Q13qKVuysDCpWVYYfoGtG4AKACwHCX1oWUp0=
last-modified: Fri, 06 Jan 2023 21:37:55 GMT
server: cloudflare
etag: W/"85d86a66b898bcf1f697adede4c175db"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a45929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 3838.7ae103cd.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 88ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3838.7ae103cd.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0573eb7e1b3f0dbaad578ead6eb03bfbd6280ae5d9a2827ad95b260717410939

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 2W.hiqflZMS1Uu78pZoO3HKgXmMTqecm
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CKH3FJ3BAV5QG9A3
age: 204800
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ZaIhFcLEkMb+8UMOJN8mZZ39MZMo1pkb+NEaDWNgT/xigPBH6WegPId2pY/Uacn7Qn7xh8faisc=
last-modified: Mon, 06 Mar 2023 18:50:07 GMT
server: cloudflare
etag: W/"7be8dacf1eb69da190ae2840037680db"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a60929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 2905.ddaf91db.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 66ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2905.ddaf91db.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff40d4c7b1aaa8a49bee55e7d815d71ed8af5a3e5c4359772d512eb0c0a73428

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 0gt8cR354Tme4L3wlYKA7rTZ4Z3vPYBi
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT928XK028QZCH4Q
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XkzNjTXKnI7+IMZZ1ozEDyAWrn+73GW6RArD9nir26JDpy49Dizhhql8Nzeslb5fgsuev2FOrx4=
last-modified: Tue, 07 Mar 2023 19:10:13 GMT
server: cloudflare
etag: W/"bae66f80773121448f066fc08576ad9c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a70929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 8007.e7e42be3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 66ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8007.e7e42be3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae4a152dbc443cb2190ebe669b3604fa97bae75f8012b0364ffb2ff2d4def713

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: GCST7lvuIH0KJ0ZTnx.wLhYNBstOq8pl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG36YP10HMAVEYNT
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tF5q+jafuBhzt+0SKoPKSaq6cCgnwGVA4BcgHoYQA16tBd96pb0AZZKir5g/qPdcj909ZK37kkA=
last-modified: Fri, 03 Mar 2023 20:16:01 GMT
server: cloudflare
etag: W/"70cde53a50943875dc8cdadc6cc02d19"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a71929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 8695.ac0f83b3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 42ms
32ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8695.ac0f83b3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50a979f6e8a062abeacd9791b81cbedbe908659d6bc12d73f1102167bfc41937

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: QHLtf7kDTyQGy0BXV0UCGe3J0J3T3OiS
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG31NKHVD77TXP3A
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: FqYubMp9+/5UC9f6/cfezA9WW3lwATrYE6pbEFHLrK++2E+q+nJaEbWJTsqOteFXOGM5O35IW2o=
last-modified: Fri, 03 Mar 2023 20:16:02 GMT
server: cloudflare
etag: W/"de93ef1b6b3aae9065a3d952e34db489"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a49929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 223.47051678.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 39ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/223.47051678.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e88164fddc42c9ed21a18ef51e2f2ace4803981dcf90a2e41967527203c31c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 2QgYVRHT8JbmsvI5YXzxA_lUydgceQli
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG36QHGJ4982MZCE
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Azv+jjyHK2wNr1EpcT/yLIchTLLvzA2Uwj0w9z6YPdRk3zD0ZUjfj7Ug7kM63xzut7OgYngJ1JE=
last-modified: Fri, 03 Mar 2023 20:15:53 GMT
server: cloudflare
etag: W/"0de4aeddd9677cdf9d3ba7b19fd4f012"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a47929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 8.1faf719c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
7 KB 65ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8.1faf719c.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccbf8f6f5fee60f84748f6a14c8fa1a89274f9a7cf54f22446e6151c82f53aea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: yS12w0j1GJl21QBs7NeDo3XYnNGk5kBD
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT961Y9YJ9V4XKQ6
age: 44823
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ra9TJDZ91rz2fiE8zg/D3ilpogQQmkIPeHjV4wXEkZ3cV0OMdniAAVU/7qmtxSeTSPSDLTAPuiQ=
last-modified: Tue, 07 Mar 2023 19:10:19 GMT
server: cloudflare
etag: W/"102e81127eaae8b13ad10b7836069caf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a64929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 3115.4642c453.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 128 KB
37 KB 63ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3115.4642c453.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b29a449ad1af009b2100ec85a5d384b2311f87fc34ace991ccd7a6fc242bc497

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 1qSlkK2wXFWsXn7I9KofewatT98BgaMS
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT936M09RM6XGV8X
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: jPNNwhrSdDDXPGvkT7a+uHXc6rUPB5+fyTOBmmtYQLZVyaPEgIHHm/YexdX2wqHuA0VJCICysZE=
last-modified: Tue, 07 Mar 2023 19:10:13 GMT
server: cloudflare
etag: W/"d83a88f0abea737c09d3bd7abb376157"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a48929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 4341.a2173317.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 35 KB
9 KB 86ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4341.a2173317.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b672d4f5d5c4b5c432b3878247c5b308d33ea0000e1a884c8e11ad84bd111d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: mAkVnQWJ0PcAVZW69Wy9.RGDQmQlZKB_
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT98S4BKSKHSTXKA
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: g061T4b4jIc12RgGEC8jcL4IPgeKPyBrw6udBnIifz5CScMZtfwjZZV0CxxnAZ4ExQikxfLw3J8=
last-modified: Tue, 07 Mar 2023 19:10:15 GMT
server: cloudflare
etag: W/"6d4fc6a5f425df670954878e97fe2906"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a72929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6714.db481b20.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
4 KB 80ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6714.db481b20.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

987b520121ba6601b336c4173fd71afba7c979fec402177956f0b6f251e63a42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: KldbtPfHtgxB1UEFzGJhV1zWUlOu6OjU
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3C8562PMX9BCA9
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 7C5CgdcVCYlVG158jTn1odly5FbMzsl6QcYCKTtBYxl2T4p8PQMZRaHynBNkg5yecqkI2FmXDTo=
last-modified: Fri, 03 Mar 2023 20:16:00 GMT
server: cloudflare
etag: W/"fb9c3f0df154ec7314bbcff0cb8c27b1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a85929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 5472.a7dd22a2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 81ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.a7dd22a2.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: gSXxPhc0hcRrksmL2PGhPrVOkWw4VC83
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TYK0PEA01R37Z2AF
age: 861940
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /HTy1mXHJwPGew/xYMqQ7tFbF5Jg3lNbiP2FCK1QESRXm8fU5OQ78/pj2bTQ3xJ5WF5PwhIz13s=
last-modified: Fri, 21 Oct 2022 21:04:08 GMT
server: cloudflare
etag: W/"bfe1dd364c3e6da6632a1d6c3b6fb9a0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a6f929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 4129.6a4d10a0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 86ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4129.6a4d10a0.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e68af9e19b1951a0f951075d18a7a6cf1460afc41dbd9d7de4ccb545b345c5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: IPckfB5UfExQoF3_XN731.pHmXrlRJ.s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT943SGZ3YDBEW5M
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KDuakkhIuEmuV27+jZgtXBi5UCzcFNRE4t5uztcv98YPu7R2oaQ1EFg2oY3/vmbPt5xokd9KDLo=
last-modified: Tue, 07 Mar 2023 21:55:37 GMT
server: cloudflare
etag: W/"1f0d74870fe4aa0e78c133652002836b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a69929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 5530.b2058121.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 65ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5530.b2058121.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f11fea2f690a1fd488f36854f4e03f02c1f7851fb0f54b04f61480181ff6e01

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: zegHBZ6BDPNuPchUCW2fspwF5KnvnuxH
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG30HMD4Z4MNY7AT
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: gjckcqkRUdxliukUc+3mEJGjbxKcZ9pNApEoew9sBA+OAkZNehpNKLIrYnFMua1vXdspd5IriVM=
last-modified: Fri, 03 Mar 2023 20:15:58 GMT
server: cloudflare
etag: W/"b0be2924816bab58c5a74788635a3b0e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a65929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 2287.a89f9d21.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
5 KB 77ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2287.a89f9d21.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93ec15dd15d0b36925c06e9cd208be62b2bd75010d9681c067867fc429b29d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: rqICbRIWEFamsXMFg_kW4QvWWY96KbA7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG33HSDPZ5HZSASJ
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: yhtm1SybL3c0lowTHiSFTNcc2ZWjKza/zm/yMdsfCwxjRiGYMBXAiPFXl/vTmzKEKIBMe3KpULo=
last-modified: Fri, 03 Mar 2023 20:15:53 GMT
server: cloudflare
etag: W/"a73a2c40d4fc740817809c493ef138ba"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a61929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 3283.6f321842.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 80ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3283.6f321842.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14fb576ea1e72739e366faa215d9fb0041d6840438f12251dc715decbf4735ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: WIA1FUgQ.Q8DYK7OceFll1ziAzJRgipH
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3114EK8KSBVMVM
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: pKYd3gKdhowhUMxr/FZIfi7BGk3ZrGQrcpqpm5ZwcmpQ6/KyeRpIZZX3UwFTkpaVtKiQEEH9lYU=
last-modified: Fri, 03 Mar 2023 20:15:55 GMT
server: cloudflare
etag: W/"50fae335998aee41115896f6fc756520"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a84929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6336.00bed1ef.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
4 KB 78ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6336.00bed1ef.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1025779b3719099cbf1c8a544be1eb3119402eac49562aad8edc6116bfa84e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 7CIB48laOpBHTYIkNTvxqVY1lAz3jgTx
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: WN5CQ2MF340TYHJB
age: 727855
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ijkP9sUbIrhwuca3VczsXaqD4M9cdjprESTd5uJtorUtROEeLtiSu16h9A7e17Xwe+F1Rr9txtY=
last-modified: Fri, 10 Feb 2023 17:55:39 GMT
server: cloudflare
etag: W/"04ae6e6038ce4d8cce4715a0c31e3759"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a79929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 4960.a78b3cf3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
5 KB 85ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4960.a78b3cf3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f3dbce3634de8af969f812b77a3673a972649b8d3c7776b8dcbed83245e5045

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: _YuyMhHny9iH0d4RFZf33nm88DEraM99
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: WN533D6A2WH6YT01
age: 727236
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: oOrQ4e3VtdGcoBjYqwd31+PUilzhqqUJqw8G3NVHOZ3F2eulcVXqluAPlKOrNV0gXIa2cAwJqvI=
last-modified: Thu, 09 Feb 2023 21:47:38 GMT
server: cloudflare
etag: W/"f66b8a5e79426e8b0480c6d993c71af3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a7a929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1802.1dde9f90.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 42 KB
12 KB 79ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1802.1dde9f90.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

457c73fda826dc12d4ee8d563ddfbdb3971411032e4d661bd19a4420e6a8bcfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: dCPQw651JTmuRipVQXOrDUxmKAMooi7k
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT982KTH4KVJTDM9
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: jN+RdL7OuGH80be3g+u4Am9ZS1woDWPBTlUO1UxYQWXTLpVQyx8Zf3D7xWMJl2cIQpoYQVkprME=
last-modified: Tue, 07 Mar 2023 19:10:11 GMT
server: cloudflare
etag: W/"bfdb5e419c234024c996b86650621423"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a7e929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6589.c2b7501f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
5 KB 76ms
68ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6589.c2b7501f.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ac9810f1cd971cfc9b794e9e837100c8229f89742785aee5d7c1291c23a26ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: tKqkTyQui4Eh7tmcOmazkWZt.pqlpooB
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3E6G4HDD3W18NN
age: 206842
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JtXoP/OqWbN9o+mx+sxwR72MIX9WslFiwR2tKpM4gpR3cEhDLdvLAImPsLuH4wrGdPUq5yheJZs=
last-modified: Fri, 03 Mar 2023 20:16:00 GMT
server: cloudflare
etag: W/"a9a0c97c55d8b431fe72ba1b4ea75f0c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a74929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 5895.4dba9931.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
13 KB 77ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5895.4dba9931.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f376277fd75f93f145d8d50c47aae99b4473a2368d2fc3a73b69364a9391107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 4QiWQDjNkhl25ftAVEg0xWz0bcbIOIHd
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT915TPKRE7VPPVB
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 9MaCr29xaPskG9KKxRdAyqGEW5bXp8CnDnKKfJt2ifdAIlrK5nUJyx2oGe7gUWNRRGzJLD6kZyI=
last-modified: Tue, 07 Mar 2023 19:10:17 GMT
server: cloudflare
etag: W/"af4b523ecd1cf322dc51307f3fb76215"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a7b929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1743.674f8b84.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 80ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1743.674f8b84.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4d0b6c7f250326830946a25341bd8a84531424e165254fc97ccd9c8476adb5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: QJIc.ieWBSFAZruVyaB_GIpiiF2D.5LK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT95QZ65D5FP5ECJ
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: yUXx3DrgalLU/35ttM0vE21/zUk7ymyH4a3dLC3/uxcK2QCZCHKqrrv/jzP9SFtxHsS/upZID+A=
last-modified: Tue, 07 Mar 2023 19:10:10 GMT
server: cloudflare
etag: W/"893e65b07926c446c3ed0dd11ed197bc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a82929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 302.62445888.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 62ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/302.62445888.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e8fcd887379359f9bc929227ef9884376c8949b9a579a5c9c431bcb4f84ef39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 6bN859hlA_WXfOI_oNJ8JoHXrDwbKOXK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT9E3E4PB9F74HR2
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tuXaLCOLtQHbpZcrsGe0CdqjstTDYp6TOAf1h7lREIeBBuWydFyOYGSWlt/15idkr2Y9OcK0Sy4=
last-modified: Tue, 07 Mar 2023 19:10:13 GMT
server: cloudflare
etag: W/"cf75505e2868b2b33129c1abbd51081f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a67929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 2817.deb35fd2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 53 KB
10 KB 38ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2817.deb35fd2.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56f327863a6cc5b4ab112d2c9039fca4bd7aa7178a2ff029f78a28a4b1e2cdbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: SAEpqlI2RYYPG6FLIRlDYSbq.IQG_Wg_
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT98PZD0BXYPT5Z7
age: 44996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TWPz/VYlPbHSL7OAm/ePI6V4dwsZXUYINm8aX+wVS08lKwoDlyJE38uRxheDOEy4m3QiiRPbCNI=
last-modified: Tue, 07 Mar 2023 19:10:12 GMT
server: cloudflare
etag: W/"60ae7bb8df781dc0d463155d4cdf90de"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a2a46929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 2920.12aec699.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
6 KB 75ms
68ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2920.12aec699.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b75797cf449be117986913ab61b0fe44ab2aba98cd6fed86a319fab3fd3cd1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: DR8gakT9JplT5Vb0YlPa6H3hGjJ2y79M
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3648BYC86V9SVY
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: YHyC5ixQXytTnvzUewQz1HUhS4bvk3/Gxlz5XeN4o4PkMSvHXLan2bGRD0Km0TnV37V+7aUlufA=
last-modified: Fri, 03 Mar 2023 20:15:54 GMT
server: cloudflare
etag: W/"ec3127d2065aa849be5c5019c87d822f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a73929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 2223.8e707c7a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
2 KB 63ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2223.8e707c7a.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

019b9549d1add8514876e9aaabb20c29e90fcbca7c08eb7962168c4a1ad163c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 5.nIgPWC7IjBL9iWFsyUn3Nw0jWGAq.2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3E24RYR5ZWM0XH
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: OT/MPZ0nn8nMqoI4VFxI93CneHM3Fr3kyLAgUAzpkDicfGigqFkbU9kVfh8n2NFskC8Y5bk72GY=
last-modified: Fri, 03 Mar 2023 20:15:53 GMT
server: cloudflare
etag: W/"ec0d159a986229a6c6b9282fe8bcb8c4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a6b929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 8051.457bde5a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 60 KB
14 KB 84ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8051.457bde5a.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

885d2a1b5810cf1d074e1fb1df888e3fa1864b9fbc12923552393c0005df0612

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: knquvgSSWByCCBSgoccSvVXhKmMgvbpA
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG350ETXPE55A3P9
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: NohKWfZhH9RdUSCh/Nl9MmihKJOjNO7gc1zIAsCpesN3BZ6lIw3ZmDtS0XywNNyFwteJxDssLww=
last-modified: Fri, 03 Mar 2023 20:16:01 GMT
server: cloudflare
etag: W/"2c05b8ac4a89bfc628131ed0d90c5a50"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a6a929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 3720.93617161.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
4 KB 82ms
75ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3720.93617161.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46f0348f4760b3a2d6a2c45e65c7f3ebee3c782cd156ca2795d76a5ec231dacb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 4_Kqkj7vsoxqsrVzecpcBAEV0yjq0GJf
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NQXDHT3E381NC8C1
age: 38004
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: omjcSOv3Vgrk5sqgq3aQBroCY8ue6tNjR0eSeGsuTMHKGJddSgOatd4SH+TuiyB6KTJ25XV9ChE=
last-modified: Wed, 08 Mar 2023 16:15:14 GMT
server: cloudflare
etag: W/"89e6531dcb09fc9d7ba3e788bcd73fca"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a81929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6832.18fbdb50.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
2 KB 81ms
74ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6832.18fbdb50.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5776a2f68fb63322999a753ca4b05ede0f104bcd41bfff97eda6e0b87caea5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: 0hocWM6.D7_8Yp1TRwWxpKMRcSJMy38T
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CKH7VRMT0RBZ45BE
age: 205174
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: uxiGY32YOX1FQM0tl58NEVF+UTnnJXYOtC2WxY3AKiNYXZHN+MEDETuz1G0AiKfpoxIrIr4gp0w=
last-modified: Mon, 06 Mar 2023 18:50:12 GMT
server: cloudflare
etag: W/"5b29545cb767e38b0d750a356e166a96"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a7f929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6032.2b4136f9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 34 KB
8 KB 76ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6032.2b4136f9.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0638d5c75f2bdc3ff6f7356135aff8bf1d4af7ee094f46cde888f84d7360163

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: bj22CqvzEhMBxKZi8ZL_EsHG0v8xLrwn
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT9A6WRVWHN3YBGV
age: 44823
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: mjU4b7aG4wJxup91apx1VVBjj9kLhantmlGq2A0cfgTnrCEewIV1lICtVMVfhwexK+E6wLbDezo=
last-modified: Tue, 07 Mar 2023 19:10:17 GMT
server: cloudflare
etag: W/"931ec2b820ff5a9a0679c6df0b795d7c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a78929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 6974.b94d2340.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
7 KB 75ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6974.b94d2340.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

575be440fd61e4d3666cd1d027a88bca046ce1b2a4be3c49a4c192c6ebb02774

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: eYutijHrL8LVAjkCWfUVcJhzYxgRQ9uS
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 7337X6HRHZSFAGTH
age: 463268
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: cEN6Pwm//H+ZpZGXUFF0cyV8ENDO32heNPr80CpTI4rHZNLpBRJ6Z3QdEuQB8A6qzQnlR8oytlU=
last-modified: Wed, 15 Feb 2023 17:31:49 GMT
server: cloudflare
etag: W/"d39e78b5af1cb87cfd5dc2e50150e460"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a63929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 8936.cf13c70a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 103 KB
27 KB 81ms
75ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8936.cf13c70a.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd3737042561538aa202e82423ca4634e9376c108998cb36c776c910d882c867

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: .tlN36nz7Zu42VzM61G8C_atvq23VsIv
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT959XCR35NCHSNB
age: 44823
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: yAH6MnO+91R7sgXnusniZaBAimPGNJyg83/9Vv8oT5gO6Q27+KlwGrhiv8bmciOE58GBME3y0Ps=
last-modified: Tue, 07 Mar 2023 19:10:21 GMT
server: cloudflare
etag: W/"8b5a5f5f9e5800e6c3c4a75ce894c01d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a83929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 PostPage.MainContent.6cc48735.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
9 KB 81ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.6cc48735.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6d534e1a321dc0ae6faa1853a039140a6ca9abd33de37e49df202dfb1a6bc75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: SCSVC9v1ceIwU1ncZhaeYy2XjuVgRofE
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT9CE6V82Z3QT2RB
age: 44823
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: rvbCtjjE/LpmmcUCf9bzMt867dCiStDT3DzYRCw5UhARzPeRijbxZyX2FRennml4PGdF/yRrpIk=
last-modified: Tue, 07 Mar 2023 19:10:37 GMT
server: cloudflare
etag: W/"24b375181105a4e0bad703c806e9cb4b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a6e929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 7521.4a3a7bcd.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 76ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7521.4a3a7bcd.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb82f840bf8e07d2ab37b41941aa1c3f3835f365b41179d0deb2277290d8c068

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: UXCLm7qCylnULWzJq.o7cbpSUOoaAHth
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CY6R4M2V4SGJXRSN
age: 211676
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5krbce4w0DWxXU2pO6OPNe8lMJg3bcCQ9Rqs5eY4paP8Qmhz2sCuxuwsTtTSplwBzDJT0k72Z5Y=
last-modified: Fri, 03 Mar 2023 14:59:04 GMT
server: cloudflare
etag: W/"22e9a17836b69fb5e51f46eedf8dbc1b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a6d929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 5627.4b76647c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
4 KB 76ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5627.4b76647c.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99d5d1c0ccb1ffac4fefafc4ad9022d39bcc30846d3ea8f9b24d39cbf669c708

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: AcT2HitTJvabrcxECPomrsVCUfoytuIl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT9D9MG73FJVQBE8
age: 44823
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: NwcV/s0J4W6jAE6VBJqf3FSvTQk4aGdXDLOU1RRn+DLGyizCXuJpOPaCTY/va+N2elZX1fqOfSI=
last-modified: Tue, 07 Mar 2023 19:10:17 GMT
server: cloudflare
etag: W/"3c14766895a334dbe2cb225f2511fb13"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a80929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 3114.e410cfe0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
2 KB 60ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3114.e410cfe0.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

388d289479f8bafcb918e33115ab7e3d6da5a0483208575284ce9aa7b9c3b0f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: PpqUV.HenDYvKWeZABzyq8eElDV9r92b
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2ZC30G719BBFEVRE
age: 474346
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: G0CCAmNQj6WpbY/JEN25p4iOEXd+JarYN+r1Ux9PupDND1uUOow2rKiouuhxnlbaWnmts8QXYhc=
last-modified: Thu, 16 Feb 2023 21:07:40 GMT
server: cloudflare
etag: W/"119d8f6185618c07b4b53a264e89b0ee"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a6c929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 8738.036f082b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 25 KB
6 KB 81ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8738.036f082b.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05427a1ce6b149bd97191ec801698f6dfd5676a93194139cdf1157d7c71afc48

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: nvN..I7z_jmudkQqdzqvfUKiY_idvMgD
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DT93VGHQ5FM4ZWV8
age: 44823
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: GkBbv9GoOGCZ4hO6CVZaYZJJP8Q+LKa2j7wwIdqN04Cl0PDvjpUc519PTBAC7BcLj0yzg/4osvA=
last-modified: Tue, 07 Mar 2023 19:10:20 GMT
server: cloudflare
etag: W/"4ed55838ac6229e53534b580d2de2b3d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a76929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 PostPage.RightColumnContent.5fe9b299.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 25 KB
7 KB 75ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.5fe9b299.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cec72a4f2e85624adda332b1d3dbf704630104ee33c73f46a20b02e3163cb2d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
x-amz-version-id: F3SvdK_YqeVt4HSxkfdqq8cvvgznTK.E
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG3CFHXBC3TM6JEV
age: 206843
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XnePoiYuBF7d9pqFApO/hYG1nfK6IvCitAdo1RAke9MhUuqB4WCUT9JGVZa83D54IzDhK1pqZlI=
last-modified: Mon, 06 Mar 2023 18:19:28 GMT
server: cloudflare
etag: W/"2d70c0f6befe9c6ef986361f7db64087"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673a4a7c929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 107ms
55ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7a50673a7e473821-FRA

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 80ms
57ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531794
x-envoy-upstream-service-time: 39
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4eed2c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 98ms
76ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531795
x-envoy-upstream-service-time: 51
server-timing: cf-q-config;dur=7.9999999798019e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4eee2c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 78ms
56ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531795
x-envoy-upstream-service-time: 30
server-timing: cf-q-config;dur=4.9999998736894e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4eeb2c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 117ms
95ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531795
x-envoy-upstream-service-time: 34
server-timing: cf-q-config;dur=5.0000001010631e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4eef2c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H3 200 source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 98ms
76ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531645
x-envoy-upstream-service-time: 583
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4ef02c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 58ms
36ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531795
x-envoy-upstream-service-time: 48
server-timing: cf-q-config;dur=2.9999998787389e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4ef12c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 99ms
96ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5531785
x-envoy-upstream-service-time: 46
server-timing: cf-q-config;dur=4.9999998736894e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7a50673c4ef32c27-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/ 1 KB
2 KB 59ms
31ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 480275
x-envoy-upstream-service-time: 43
content-disposition: inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1310
x-request-id: b019cc1c-dc12-4f57-a350-e915bc339ed4
sepia-upstream: medium
server: cloudflare
etag: "qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7a50673c7be5929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*s7SJaF9dODo7rWqa2rFQ6Q.png
miro.medium.com/v2/resize:fill:96:96/ 5 KB
5 KB 61ms
32ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:96:96/1*s7SJaF9dODo7rWqa2rFQ6Q.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4915cb0960fda9afe3b4d35b4e569e4944be7be81c2f7f30d16f88f4cbbf5eb6

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 32010
x-envoy-upstream-service-time: 119
content-disposition: inline; filename="1*s7SJaF9dODo7rWqa2rFQ6Q.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5020
x-request-id: 6dceab6b-0001-4a57-ae28-fcb9c4cf779b
sepia-upstream: medium
server: cloudflare
etag: "2ClxYkeZkhLd4kUTfpOdRzBNwICgGzimHBVrQIKoB9U/RImIzYjQ4OTY4NWY1ZDM4M2EzYmFkNmE5YWRhYjE1MGU5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a50673c7be7929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*r3OOabtRnFMn_7VwyvkjNQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 18 KB
19 KB 159ms
130ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*r3OOabtRnFMn_7VwyvkjNQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76c34eae20e4ae420ba44ee11acdc26a0d54c18cd03296a65101d3bc7593d978

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 595
content-disposition: inline; filename="1*r3OOabtRnFMn_7VwyvkjNQ.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18848
x-request-id: 3e8cd3d4-7b34-451b-bfb1-31f70eb8d78d
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImFmNzM4ZTY5YmI1MTljNTMyN2ZmYjU3MGNhZjkyMzM1Ig"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-184555-fa5ac49e5e
accept-ranges: bytes
cf-ray: 7a50673c7be6929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*Nhgz4O-kugq-iA0ZyewdJQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 14 KB
14 KB 151ms
123ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*Nhgz4O-kugq-iA0ZyewdJQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bfe36ba78327a014b19111e978f4925c57e08ef282381672accc4548e01198f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 451
content-disposition: inline; filename="1*Nhgz4O-kugq-iA0ZyewdJQ.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14048
x-request-id: 3392feb0-9891-484a-bc78-a2a64670422d
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjM2MTgzM2UwZWZhNGJhMGFiZTg4MGQxOWM5ZWMxZDI1Ig"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230306-181122-0143f83bb5
accept-ranges: bytes
cf-ray: 7a50673c7be9929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*bp6OLgDK6uXUrwKumwLNYw.png
miro.medium.com/v2/resize:fit:720/format:webp/ 24 KB
25 KB 421ms
393ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*bp6OLgDK6uXUrwKumwLNYw.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cb495b2e2fa122610f565a47b327fd53efcc27f253c5d513db42888b28220c4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 530
content-disposition: inline; filename="1*bp6OLgDK6uXUrwKumwLNYw.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25010
x-request-id: 2ad55f9e-ad22-452b-8c7b-9f1a346d9d77
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjZlOWU4ZTJlMDBjYWVhZTVkNGFmMDJhZTliMDJjZDYzIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-184555-fa5ac49e5e
accept-ranges: bytes
cf-ray: 7a50673c7be8929b-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H2 200 1*o6dnII4nvVrYo1tkX4rSlQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 18 KB
18 KB 171ms
142ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*o6dnII4nvVrYo1tkX4rSlQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e83b7d6faf5d6660a5a1362b1488cf342b71ef9242ab72a3fe9b4757400870c8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 486
content-disposition: inline; filename="1*o6dnII4nvVrYo1tkX4rSlQ.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18426
x-request-id: aeacbfaa-dfdd-47c3-85ee-73bae952bc69
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImEzYTc2NzIwOGUyN2JkNWFkOGEzNWI2NDVmOGFkMjk1Ig"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-184555-fa5ac49e5e
accept-ranges: bytes
cf-ray: 7a50673c7bea929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*49e3qzis_eaXTI3gmygWLQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 62 KB
62 KB 151ms
150ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*49e3qzis_eaXTI3gmygWLQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c86e6bb53fc3a7d7fa29e64b69f6b20d95f5968ee9b63e739dddde2381951fdc

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:05 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 1101
content-disposition: inline; filename="1*49e3qzis_eaXTI3gmygWLQ.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 63004
x-request-id: bd4f2dcc-0927-4f07-bb6b-139f9252c2c7
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImUzZDdiN2FiMzhhY2ZkZTY5NzRjOGRlMDliMjgxNjJkIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-184555-fa5ac49e5e
accept-ranges: bytes
cf-ray: 7a50673cac0d929b-FRA
expires: Fri, 08 Mar 2024 03:59:05 GMT

GET
H2 200 1*s7SJaF9dODo7rWqa2rFQ6Q.png
miro.medium.com/v2/resize:fill:176:176/ 13 KB
14 KB 391ms
390ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:176:176/1*s7SJaF9dODo7rWqa2rFQ6Q.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e80a252cee9dbd81949fcda2a31ee089bba091c13482d2a2044670c42920b619

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 135
content-disposition: inline; filename="1*s7SJaF9dODo7rWqa2rFQ6Q.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13744
x-request-id: 2b319afe-2bd7-45d8-8cf6-e1f7d41f8f93
sepia-upstream: medium
server: cloudflare
etag: "cYOHBppU5_IQqNc_J_FqxtylWztmHm-fdmnA7PgkwUg/RImIzYjQ4OTY4NWY1ZDM4M2EzYmFkNmE5YWRhYjE1MGU5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a50673cac0e929b-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 2230.571ed6c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 38ms
38ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2230.571ed6c4.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.6948e88f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
x-amz-version-id: jyYM.ZgM9PE2gJOEnsek2uD4i4PcWdTK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 5B1CYTHMK2616DY7
age: 815051
server-timing: cf-q-config;dur=5.0000001010631e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Otu4Bzadtbnet2y7EcEb8o/GGiEGQboxNDtYyXCV5GM+59Q94+pwvBgKKEOrg9xRHn4Y4uwRjlE=
last-modified: Mon, 24 Oct 2022 03:04:44 GMT
server: cloudflare
etag: W/"80138a2fe8e56b8f784a37863eea34c5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a50673f79ccbbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 PostGiveTipOnExternalPlatform.9d2f1bb0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 30ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostGiveTipOnExternalPlatform.9d2f1bb0.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.6948e88f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4a0cb6328126994438b5a127dc9d3bb890323c339df243cc9f19bc3bde40bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
x-amz-version-id: gfVC0i9ar1hRC7yHzx0kIpM2hym2t6ri
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2A6P84E28JSP8YA7
age: 206838
x-amz-server-side-encryption: AES256
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vA9lirNj43z6QkmTpGbyFmB32LEvivucepjrDE0ZWsI6trIBiNDiFEsb6NNY/jhQK3K7powF82o=
last-modified: Fri, 03 Mar 2023 20:16:19 GMT
server: cloudflare
etag: W/"0c24ccc2ef91aca3121eafe35386f13a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a5067403a5dbbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

POST
H3 200 graphql Show response
labs.guard.io/_/ 143 B
570 B 205ms
205ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaa279aa1745ddf54c82b83d5b04c5b1a036706a41e17b436554b60e3b5b4604

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 15
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"8f-Vr3rKUQezNDA9fzH/E5AZEOZnnE"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d
cf-ray: 7a5067413e88bb9b-FRA
x-request-received-at: 1678334346563

POST
H3 200 graphql Show response
labs.guard.io/_/ 987 B
889 B 200ms
200ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3226ee21a129aa3eeb759dfab18026b5d577e9758b18b8e9f4d1108d6094ee13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 62
server-timing: cf-q-config;dur=6.9999998686399e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"3db-eCPM+x7vTRxtclWSOuU8YGOEYBg"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a5067413e8abb9b-FRA
x-request-received-at: 1678334346517

POST
H3 200 graphql Show response
labs.guard.io/_/ 457 B
770 B 187ms
186ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7576be30972afc8627c169297092b270340fc6bd29eb55e6a98223bbe3abc781

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: FloatingPostActionsQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 49
server-timing: cf-q-config;dur=7.0000000960135e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1c9-sElPV35sLNIlNzXgNg+60DTIQp8"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a5067413e8cbb9b-FRA
x-request-received-at: 1678334346523

POST
H3 200 graphql Show response
labs.guard.io/_/ 210 B
620 B 204ms
203ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39f3ac287e7edaf282cb691edd135e0f45455dff9bcaaa4e5e2c2cfefe5a38b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 64
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-1B/DMyVTYWnQQyGTtJxdC4x+WGc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a5067413e8dbb9b-FRA
x-request-received-at: 1678334346522

POST
H3 200 graphql Show response
labs.guard.io/_/ 108 B
583 B 201ms
200ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: usePostPageMeterQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 64
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a5067413e8ebb9b-FRA
x-request-received-at: 1678334346522

POST
H3 200 graphql Show response
labs.guard.io/_/ 5 KB
2 KB 381ms
381ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3385208a1bf3efea8140ee5625be3c8e03d51e5b16053dfe894526bf7b51144b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: RecircSidebarQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 242
server-timing: cf-q-config;dur=5.0000001010631e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1530-JhsxvfapPh3ilQeqO+e7nEjtNQE"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a5067413e91bb9b-FRA
x-request-received-at: 1678334346525

POST
H3 200 graphql Show response
labs.guard.io/_/ 27 B
458 B 163ms
163ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 25
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27
x-xss-protection: 0
server: cloudflare
etag: W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d
cf-ray: 7a5067413e93bb9b-FRA
x-request-received-at: 1678334346525

POST
H3 200 graphql Show response
labs.guard.io/_/ 96 B
571 B 197ms
197ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38fee571b34dfd85de8f16ee665dc12c5686d6940737b5ca036fe621db52ae56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 63
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"60-IG4p1kXe2Q1Y60HwxBrIYyYd7t4"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a5067413e96bb9b-FRA
x-request-received-at: 1678334346526

POST
H3 200 graphql Show response
labs.guard.io/_/ 103 B
553 B 160ms
160ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd224bdd1cd021d301cc3bb2b72c90d07b36ef0d6185746d002bf02703e00a49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 32
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"67-xToiG0JEnz0VQMzHvcRkZrfVCgk"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d
cf-ray: 7a5067414e9dbb9b-FRA
x-request-received-at: 1678334346523

POST
H3 204 rum Show response
labs.guard.io/cdn-cgi/ 0
175 B 22ms
22ms XHR
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
content-type: application/json

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://labs.guard.io
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7a5067419ecdbb9b-FRA

POST
H3 200 graphql Show response
labs.guard.io/_/ 81 B
534 B 169ms
169ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 37
server-timing: cf-q-config;dur=5.0000001010631e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"51-hbfNDSGVO0/XLJV9LgsKsOBLP4E"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d
cf-ray: 7a506741bee5bb9b-FRA
x-request-received-at: 1678334346586

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 151ms
150ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.90bea55a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, clientele/main-20230228-191311-a57069f5b0
x-envoy-upstream-service-time: 12
cf-ray: 7a506743985fbb9b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 146ms
146ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.90bea55a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, clientele/main-20230228-191311-a57069f5b0
x-envoy-upstream-service-time: 16
cf-ray: 7a5067439860bb9b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 150ms
150ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.90bea55a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, clientele/main-20230228-191311-a57069f5b0
x-envoy-upstream-service-time: 15
cf-ray: 7a506743a864bb9b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 121ms
33ms Script
text/javascript 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 09 Mar 2023 03:17:30 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2496
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 09 Mar 2023 05:17:30 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 72 KB
22 KB 94ms
22ms Script
text/javascript 108.138.17.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=2376f6b74966
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 83cad37f70113f7b8bbb98c2ef8ee949f9a611e402e55ee826aef65130f2ef77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: LzwY9oP1_KD6QZAz0SCDQRP53VCVCZV0
content-encoding: gzip
via: 1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
date: Thu, 09 Mar 2023 03:58:31 GMT
last-modified: Thu, 17 Nov 2022 20:07:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 35
etag: "2a6320386437cc44ae1713f25f6ea30b"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 22048
x-amz-cf-id: Mju-EjmLMrvMycScYJU8gnyZH5Ae9vX2RXT3xxjBBzRsOUeeb1GRYA==

GET
H3 200 1*QZGSEXvi0i5YSs-ULqeSQQ.gif
miro.medium.com/v2/resize:fill:20:20/ 728 KB
729 KB 55ms
54ms Image
image/gif 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*QZGSEXvi0i5YSs-ULqeSQQ.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5ec84b4479f160ae00a8581b4313631e143470c45cbc2e43a7aab0006f9c286

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 479886
x-envoy-upstream-service-time: 66
content-disposition: inline; filename="1*QZGSEXvi0i5YSs-ULqeSQQ.gif"
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 745447
x-request-id: 2a0babe6-0b7c-43a4-a84b-7457d9c7f847
sepia-upstream: medium
server: cloudflare
etag: "419192117be2d22e584acf942ea79241"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cbdbbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 0*pAwu3ddDMjJKi5C3
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 2 KB
2 KB 36ms
35ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/0*pAwu3ddDMjJKi5C3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82a1d706a0ada3fd9902c92661ef0928f6d2f72f7dd0ef106552c15b5d9588e7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 479886
x-envoy-upstream-service-time: 171
content-disposition: inline; filename="0*pAwu3ddDMjJKi5C3.jpg"
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1603
x-request-id: 352be326-4a2e-48b8-869c-e7ed632e207d
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjFkOWZmNjI4YWQ5NzdjZTI3YzQ4Mzc2MTI5ZmY5OGQ4LTIi"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cbebbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 1*Gr0xVxA3lg7una5lydy1Og.jpeg
miro.medium.com/v2/resize:fill:20:20/ 695 B
1 KB 55ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*Gr0xVxA3lg7una5lydy1Og.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a376c49443bfaf8f547bb7c4401edd5dd8d427923cbb85c76db344d182b06ee4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 479886
x-envoy-upstream-service-time: 77
content-disposition: inline; filename="1*Gr0xVxA3lg7una5lydy1Og.jpg"
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 695
x-request-id: 194bb166-6f59-4bfe-9737-878b114e235f
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RIjFhYmQzMTU3MTAzNzk2MGVlZTlkYWU2NWM5ZGNiNTNhIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cbfbbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 1*qDHxdjf90F2FFOL6NvdTBw.png
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 8 KB
8 KB 37ms
36ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/1*qDHxdjf90F2FFOL6NvdTBw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc51bd154a245d88f2b2d9bf690af5e4776c523e7eeb84d56d27877d8b016982

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 479886
x-envoy-upstream-service-time: 77
content-disposition: inline; filename="1*qDHxdjf90F2FFOL6NvdTBw.png"
server-timing: cf-q-config;dur=6.9999998686399e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7859
x-request-id: 1c9b4002-8936-436c-9a9b-4bf7ca190301
sepia-upstream: medium
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RImE4MzFmMTc2MzdmZGQwNWQ4NTE0ZTJmYTM2Zjc1MzA3Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cc1bbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 1*Akrwrq840ma0rGbbWDrGPQ.jpeg
miro.medium.com/v2/resize:fill:20:20/ 695 B
1 KB 36ms
35ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*Akrwrq840ma0rGbbWDrGPQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c6d9ecef6ef9039b56be0a22516879485fddb54a0cda65baf2898d0654f3375

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 477234
x-envoy-upstream-service-time: 112
content-disposition: inline; filename="1*Akrwrq840ma0rGbbWDrGPQ.jpg"
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 695
x-request-id: 1d19d219-3e44-4778-bb7e-11110f0dd6c5
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RIjAyNGFmMGFlYWYzOGQyNjZiNGFjNjZkYjU4M2FjNjNkIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cc2bbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 0*4L42dhzN7yF6OPFx.png
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 3 KB
4 KB 148ms
147ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/0*4L42dhzN7yF6OPFx.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e0307d6bb9c6c2e1ed9008ed7f024a51729dfe310737553afb3cdaeb326f9c1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 477234
x-envoy-upstream-service-time: 41
content-disposition: inline; filename="0*4L42dhzN7yF6OPFx.png"
server-timing: cf-q-config;dur=4.9999998736894e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3473
x-request-id: 666660fa-b551-4040-864a-8e4830e0f4e3
sepia-upstream: medium
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjI0MWRkNDk5ZGUzYThhY2I4NDlkMDMyOTM4ZDYyZmJhIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cc3bbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 1*3STednUKL3lkYQxtw1Xavg.jpeg
miro.medium.com/v2/resize:fill:20:20/ 1 KB
2 KB 55ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*3STednUKL3lkYQxtw1Xavg.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76636eff74ef48f66f3600365f2ab005ac32695eac0d7a69d511440bdc9976e1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 479336
x-envoy-upstream-service-time: 44
content-disposition: inline; filename="1*3STednUKL3lkYQxtw1Xavg.jpg"
server-timing: cf-q-config;dur=5.9999999848515e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1189
x-request-id: 5081583f-3688-4a65-ab9e-49f92896b722
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RImRkMjRkZTc2NzUwYTJmNzk2NDYxMGM2ZGMzNTVkYWJlIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cc4bbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H3 200 1*MfFhiLsxaWhbobNnUG7cig.png
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 4 KB
4 KB 56ms
55ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/1*MfFhiLsxaWhbobNnUG7cig.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e031dd55aaf1d9ccfab2bf35155388631f3ffa20a60090f1fecca99c609a1a19

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:06 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 479336
x-envoy-upstream-service-time: 212
content-disposition: inline; filename="1*MfFhiLsxaWhbobNnUG7cig.png"
server-timing: cf-q-config;dur=5.0000001010631e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3713
x-request-id: e341cb8d-25f2-4150-b159-7a39d2cc23aa
sepia-upstream: medium
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjMxZjE2MTg4YmIzMTY5Njg1YmExYjM2NzUwNmVkYzhhIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7a5067442cc6bbf2-FRA
expires: Fri, 08 Mar 2024 03:59:06 GMT

GET
H2 200 _r Show response
app.link/ 91 B
634 B 447ms
359ms Script
text/javascript 2600:9000:2304:e000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.71.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2304:e000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

e33b1a19f28cb5299058397bd8e0b7cd5a63b8c557257d596e724e6134955501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 4f41a6860ab116e6fd0a110c5ba1420a.cloudfront.net (CloudFront)
server: openresty
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop: VIE50-P1
etag: W/"5b-Vjh6hXU/AskHwXIJoPNKFjtzrac"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: OFxRLWgZcjKWiHrKMsJBkKGk_kJT4lC_G7KYGys_mMRJiT5yHe5fJw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
206 B 55ms
55ms XHR
text/plain 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1661144361&t=pageview&_s=1&dl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&ul=en-us&de=UTF-8&dt=%E2%80%9CMasquerAds%E2%80%9D%20%E2%80%94%20Google%E2%80%99s%20Ad-Words%20Massively%20Abused%20by%20Threat%20Actors%2C%20Targeting%20Organizations%2C%20GPUs%20and%20Crypto%20Wallets%20%7C%20by%20Guardio%20%7C%20Medium&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=741969872&gjid=676606927&cid=1415560330.1678334347&tid=UA-24232453-2&_gid=575630177.1678334347&_r=1&_slc=1&z=2007536295

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 09 Mar 2023 03:59:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.guard.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2767.d98c95ea.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 28 KB
10 KB 63ms
63ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2767.d98c95ea.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.6948e88f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fd9d14a3259d68a21560cf9bb69d394e37a767829077a000e0d20af6a3f0a28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:07 GMT
x-amz-version-id: .z7tVcTBuc1PLhriNaxklyPi7fV949KV
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 0HRFNB80H2WY0VAB
age: 128096
x-amz-server-side-encryption: AES256
server-timing: cf-q-config;dur=4.9999998736894e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JdRts/IaTlHxZURXwnWYcYpA+w3aW/dolKNHfAq3QaMBvNM4MKCgtpW49cjhtmKr0JNT7r56NzM=
last-modified: Mon, 06 Mar 2023 21:58:19 GMT
server: cloudflare
etag: W/"1828ca727f746e20b4e6eb834eeab476"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a506744bd2bbbf2-FRA
expires: Fri, 08 Mar 2024 03:59:07 GMT

GET
H3 200 PostNextFiveStories.c3271486.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 65ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostNextFiveStories.c3271486.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.6948e88f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f108b676f4421679c20cd652b68fbeb9d223742615820161fc551851a18f2aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 03:59:07 GMT
x-amz-version-id: uN0hseRrvqDr9pdP.FkjyMO0s43FIAOG
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: BYP7ZNETPYZ8JQEM
age: 463451
x-amz-server-side-encryption: AES256
server-timing: cf-q-config;dur=5.0000001010631e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: IcyMJXRUi0E/EJpBGAoYDyYSIQ3saSNI7nwZkOnWcZJKmcTOe605woNS0TSNfXZ2xm6NyrDEGYU=
last-modified: Fri, 03 Mar 2023 06:06:03 GMT
server: cloudflare
etag: W/"6b480cd47055d86744fdf566d8f8d3e1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7a506744bd2cbbf2-FRA
expires: Fri, 08 Mar 2024 03:59:07 GMT

POST
H3 200 graphql Show response
labs.guard.io/_/ 21 KB
4 KB 447ms
446ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f1af9b49945968572c885feff3982db36dfa32ab23abda49ab65819fa582a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 1c67e296476ed942
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: PostNextFiveStoriesQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20230308-174848-2c85aa2dad
apollographql-client-version: main-20230308-174848-2c85aa2dad
ot-tracer-spanid: 2729c8056c2aecf8

Response headers

date: Thu, 09 Mar 2023 03:59:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 219
server-timing: cf-q-config;dur=6.0000002122251e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"55db-oIt4j7+9jbQu6JOuNkQ4qKYNaw0"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230308-141712-89843c9ff9, rito/main-20230308-230122-d6755c723d, tutu/main-20230308-161306-342cf20758
cf-ray: 7a50674569aebb9b-FRA
x-request-received-at: 1678334347178

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
691 B 432ms
332ms XHR
application/json 2600:9000:2491:4e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:4e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ce4afc73207d00f6e79071fe986c729dd1f9768e2bca4202b585f1a41d29b5f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 09 Mar 2023 03:59:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 6dacc55b-0af8-43e3-812f-b4ac56894460-2023030903
content-length: 316
x-amz-cf-id: 78oBQYXZrMmJ6q_dFOfah54OLPIZX_f9sJ-afeJt3aZmW4uHYakklA==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
612 B 191ms
191ms XHR
application/json 2600:9000:2491:4e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:4e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

4cdbbe7a2191d38f4c7e8391c7e8c55bfbdaa841ac7ee9b32ec8b0a1d7e46f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 09 Mar 2023 03:59:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
etag: W/"b7-aG6bZK01w8AS9a1JdUTPvagx7Xs"
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 651f11351dba4b978b43c2847645768e-2023030903
content-length: 183
x-amz-cf-id: VmLH_6rC3OkIF6ltve6w2tm94BtHdVhmWgCHkcrkGRqoVykAntmk0w==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
436 B 199ms
198ms XHR
application/json 2600:9000:2491:4e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:4e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 09 Mar 2023 03:59:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: be719d6cf67f4de5b8bc9581d7e355d9-2023030903
content-length: 28
x-amz-cf-id: I5uyTLcjXGOfiEHqMY7k-nfuKPxHkvGg8VSMFrywBo0X5GzFqOYR4w==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
433 B 205ms
205ms XHR
application/json 2600:9000:2491:4e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/6963.e798ee94.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:4e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 09 Mar 2023 03:59:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c611454f23024a738761d9c133d0820d-2023030903
content-length: 28
x-amz-cf-id: F18dROpp3ahLZ1kGLq9giD7o9liudmCRH5PN9vO8rS7zH1j0hRPkXQ==

POST batch
labs.guard.io/_/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: labs.guard.io
URL: https://labs.guard.io/_/batch

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.labs.guard.io/	1969-12-31 23:59:59	Name: __cfruid Value: cce4125aa8757696cfadf25e90f1726ac0fe33b4-1678334344
.medium.com/	1970-01-20 18:59:16	Name: uid Value: lo_0028fbf91e42
.medium.com/	1970-01-20 18:59:16	Name: sid Value: 1:JA0je+42+Va6X2qppxXveZK1RrNP/S2QFFLt0mnyEFlh0Jhu7aztLj1fSzsxu9IZ
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: ad7790b0ef2e44c0898297a2340a13cc4d332e91-1678334344
labs.guard.io/	1970-01-20 18:59:16	Name: sid Value: 1:KZpbj7Cz4qbdz/SlXI9vbXJuBpewAt7LliNRVk5v+dNuNhW2Gd6H9ZjSKAiwYRf2
labs.guard.io/	1970-01-20 18:59:16	Name: uid Value: lo_0028fbf91e42
labs.guard.io/	1970-01-20 10:12:15	Name: _dd_s Value: rum=0&expire=1678335246161
.guard.io/	1970-01-20 19:48:14	Name: _ga Value: GA1.2.1415560330.1678334347
.guard.io/	1970-01-20 10:13:40	Name: _gid Value: GA1.2.575630177.1678334347
.guard.io/	1970-01-20 10:12:14	Name: _gat Value: 1
.app.link/	1970-01-20 18:57:50	Name: _s Value: rHUbhCN18nxjY2w23L7sZvhsGyeveTdKpi8SUDxWvwVthp%2Br1F7zjkt4MLllwXul

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
labs.guard.io
medium.com
miro.medium.com
static.cloudflareinsights.com
www.google-analytics.com
labs.guard.io
108.138.17.81
162.159.152.4
2600:9000:2304:e000:19:9934:6a80:93a1
2600:9000:2491:4e00:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:3865
2a00:1450:400d:802::200e
019b9549d1add8514876e9aaabb20c29e90fcbca7c08eb7962168c4a1ad163c1
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
03339318237f203c39972793a5232b2c94f3ea7a2c814641ae62660d8dd6e02b
05427a1ce6b149bd97191ec801698f6dfd5676a93194139cdf1157d7c71afc48
0573eb7e1b3f0dbaad578ead6eb03bfbd6280ae5d9a2827ad95b260717410939
0e68af9e19b1951a0f951075d18a7a6cf1460afc41dbd9d7de4ccb545b345c5c
0e8fcd887379359f9bc929227ef9884376c8949b9a579a5c9c431bcb4f84ef39
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e
14fb576ea1e72739e366faa215d9fb0041d6840438f12251dc715decbf4735ed
19e170e5b154c37b3979be7ed58c5e304f3b70e683adc5289d342bba9fd84292
1ac9810f1cd971cfc9b794e9e837100c8229f89742785aee5d7c1291c23a26ec
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1f376277fd75f93f145d8d50c47aae99b4473a2368d2fc3a73b69364a9391107
1fd9d14a3259d68a21560cf9bb69d394e37a767829077a000e0d20af6a3f0a28
21f4cb2a43be5660b06493f50a488b7e115036678f4ebb706d53b9527b3d39a2
293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174
2bfe36ba78327a014b19111e978f4925c57e08ef282381672accc4548e01198f
2e0307d6bb9c6c2e1ed9008ed7f024a51729dfe310737553afb3cdaeb326f9c1
2f3dbce3634de8af969f812b77a3673a972649b8d3c7776b8dcbed83245e5045
3226ee21a129aa3eeb759dfab18026b5d577e9758b18b8e9f4d1108d6094ee13
3385208a1bf3efea8140ee5625be3c8e03d51e5b16053dfe894526bf7b51144b
388d289479f8bafcb918e33115ab7e3d6da5a0483208575284ce9aa7b9c3b0f5
38fee571b34dfd85de8f16ee665dc12c5686d6940737b5ca036fe621db52ae56
39f3ac287e7edaf282cb691edd135e0f45455dff9bcaaa4e5e2c2cfefe5a38b2
40359356bbc76c936e0b699ec9b31188e2e07953d7765b53f07896a7be32f9bf
457c73fda826dc12d4ee8d563ddfbdb3971411032e4d661bd19a4420e6a8bcfb
46f0348f4760b3a2d6a2c45e65c7f3ebee3c782cd156ca2795d76a5ec231dacb
4915cb0960fda9afe3b4d35b4e569e4944be7be81c2f7f30d16f88f4cbbf5eb6
4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46
4c6d9ecef6ef9039b56be0a22516879485fddb54a0cda65baf2898d0654f3375
4cdbbe7a2191d38f4c7e8391c7e8c55bfbdaa841ac7ee9b32ec8b0a1d7e46f66
4e88164fddc42c9ed21a18ef51e2f2ace4803981dcf90a2e41967527203c31c7
4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14
4f1af9b49945968572c885feff3982db36dfa32ab23abda49ab65819fa582a4b
50a979f6e8a062abeacd9791b81cbedbe908659d6bc12d73f1102167bfc41937
56f327863a6cc5b4ab112d2c9039fca4bd7aa7178a2ff029f78a28a4b1e2cdbd
575be440fd61e4d3666cd1d027a88bca046ce1b2a4be3c49a4c192c6ebb02774
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5b672d4f5d5c4b5c432b3878247c5b308d33ea0000e1a884c8e11ad84bd111d2
5cb495b2e2fa122610f565a47b327fd53efcc27f253c5d513db42888b28220c4
6173a1b363b6bffdf4ec8d533f260644b17cc6f8a747f2d4f529795a3cdf0c04
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
6f11fea2f690a1fd488f36854f4e03f02c1f7851fb0f54b04f61480181ff6e01
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
7576be30972afc8627c169297092b270340fc6bd29eb55e6a98223bbe3abc781
76636eff74ef48f66f3600365f2ab005ac32695eac0d7a69d511440bdc9976e1
76c34eae20e4ae420ba44ee11acdc26a0d54c18cd03296a65101d3bc7593d978
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
7f08a022587c357232656c5a2c60047f9ea9bec647c02f51eb115533e1bb1c92
82a1d706a0ada3fd9902c92661ef0928f6d2f72f7dd0ef106552c15b5d9588e7
83cad37f70113f7b8bbb98c2ef8ee949f9a611e402e55ee826aef65130f2ef77
885d2a1b5810cf1d074e1fb1df888e3fa1864b9fbc12923552393c0005df0612
8b75797cf449be117986913ab61b0fe44ab2aba98cd6fed86a319fab3fd3cd1e
93ec15dd15d0b36925c06e9cd208be62b2bd75010d9681c067867fc429b29d9f
987b520121ba6601b336c4173fd71afba7c979fec402177956f0b6f251e63a42
99d5d1c0ccb1ffac4fefafc4ad9022d39bcc30846d3ea8f9b24d39cbf669c708
a1025779b3719099cbf1c8a544be1eb3119402eac49562aad8edc6116bfa84e9
a376c49443bfaf8f547bb7c4401edd5dd8d427923cbb85c76db344d182b06ee4
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ae4a152dbc443cb2190ebe669b3604fa97bae75f8012b0364ffb2ff2d4def713
b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b29a449ad1af009b2100ec85a5d384b2311f87fc34ace991ccd7a6fc242bc497
bb82f840bf8e07d2ab37b41941aa1c3f3835f365b41179d0deb2277290d8c068
be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3
c4a0cb6328126994438b5a127dc9d3bb890323c339df243cc9f19bc3bde40bfa
c6d534e1a321dc0ae6faa1853a039140a6ca9abd33de37e49df202dfb1a6bc75
c86e6bb53fc3a7d7fa29e64b69f6b20d95f5968ee9b63e739dddde2381951fdc
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
ccbf8f6f5fee60f84748f6a14c8fa1a89274f9a7cf54f22446e6151c82f53aea
cd3737042561538aa202e82423ca4634e9376c108998cb36c776c910d882c867
ce4afc73207d00f6e79071fe986c729dd1f9768e2bca4202b585f1a41d29b5f8
cec72a4f2e85624adda332b1d3dbf704630104ee33c73f46a20b02e3163cb2d2
d5776a2f68fb63322999a753ca4b05ede0f104bcd41bfff97eda6e0b87caea5e
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee
dc51bd154a245d88f2b2d9bf690af5e4776c523e7eeb84d56d27877d8b016982
dd224bdd1cd021d301cc3bb2b72c90d07b36ef0d6185746d002bf02703e00a49
e031dd55aaf1d9ccfab2bf35155388631f3ffa20a60090f1fecca99c609a1a19
e0638d5c75f2bdc3ff6f7356135aff8bf1d4af7ee094f46cde888f84d7360163
e2f341c1673182be9a942b7aa6a93170a8a5acd0bb8b64cdf84284a82aec9f7d
e33b1a19f28cb5299058397bd8e0b7cd5a63b8c557257d596e724e6134955501
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc
e80a252cee9dbd81949fcda2a31ee089bba091c13482d2a2044670c42920b619
e83b7d6faf5d6660a5a1362b1488cf342b71ef9242ab72a3fe9b4757400870c8
eaa279aa1745ddf54c82b83d5b04c5b1a036706a41e17b436554b60e3b5b4604
f108b676f4421679c20cd652b68fbeb9d223742615820161fc551851a18f2aa5
f4d0b6c7f250326830946a25341bd8a84531424e165254fc97ccd9c8476adb5f
f5ec84b4479f160ae00a8581b4313631e143470c45cbc2e43a7aab0006f9c286
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3
ff40d4c7b1aaa8a49bee55e7d815d71ed8af5a3e5c4359772d512eb0c0a73428

labs.guard.io Open in urlscan Pro 162.159.152.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

98 Requests

99 %HTTPS

75 %IPv6

6 Domains

10 Subdomains

9 IPs

3 Countries

1871 kBTransfer

3979 kBSize

11 Cookies

66 Outgoing links

Page URL History

Redirected requests

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

labs.guard.io Open in urlscan Pro
162.159.152.4 Public Scan

Screenshot
Live screenshot

Full Image

98
Requests

99 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1871 kB
Transfer

3979 kB
Size

11
Cookies

98 HTTP transactions
0 data transactions