labs.guard.io Open in urlscan Pro
162.159.153.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae7...
Effective URL:
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae7...
Submission: On November 17 via api (November 17th 2023, 12:19:09 pm UTC) from IN — Scanned from DE

Summary HTTP 78 Redirects Links 84 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 78 HTTP transactions. The main IP is 162.159.153.4, located in and belongs to CLOUDFLARENET, US. The main domain is labs.guard.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 14th 2023. Valid for: a year.

This is the only time labs.guard.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 73	162.159.153.4 162.159.153.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.56.101 104.16.56.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.104 142.250.186.104	15169 (GOOGLE) (GOOGLE)
1	18.245.86.31 18.245.86.31	16509 (AMAZON-02) (AMAZON-02)
1	65.9.66.56 65.9.66.56	16509 (AMAZON-02) (AMAZON-02)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
3	65.9.66.49 65.9.66.49	16509 (AMAZON-02) (AMAZON-02)
78	7

73 162.159.153.4 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

labs.guard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.56.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.104 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-31.fra60.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-56.fra56.r.cloudfront.net

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.66.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-49.fra56.r.cloudfront.net

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 10903 glyph.medium.com — Cisco Umbrella Rank: 19767 cdn-client.medium.com — Cisco Umbrella Rank: 20377 miro.medium.com — Cisco Umbrella Rank: 14368	1 MB
16	guard.io 2 redirects labs.guard.io	57 KB
4	branch.io cdn.branch.io — Cisco Umbrella Rank: 1117 api2.branch.io — Cisco Umbrella Rank: 738	24 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2462	252 B
1	app.link app.link — Cisco Umbrella Rank: 2540	639 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	82 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 899	7 KB
78	7

	Domain	Requested by
37	cdn-client.medium.com	labs.guard.io cdn-client.medium.com
16	labs.guard.io	2 redirects cdn-client.medium.com
11	glyph.medium.com	glyph.medium.com
8	miro.medium.com	labs.guard.io
3	api2.branch.io	cdn-client.medium.com
1	region1.google-analytics.com	www.googletagmanager.com
1	app.link	cdn.branch.io
1	cdn.branch.io	labs.guard.io
1	www.googletagmanager.com	cdn-client.medium.com
1	static.cloudflareinsights.com	labs.guard.io
1	medium.com	1 redirects
78	11

This site contains links to these domains. Also see Links.

Domain
rsci.app.link
medium.com
www.linkedin.com
www.guard.io
www.bleepingcomputer.com
www.virustotal.com
www.msi.com
gist.github.com
guard.io
doublepulsar.com
jsecurity101.medium.com
x-it.medium.com
help.medium.com
medium.statuspage.io
blog.medium.com
policy.medium.com
speechify.com

Subject Issuer	Validity	Valid
labs.guard.io Cloudflare Inc ECC CA-3	`2023-10-14` - `2024-10-13`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2023-10-19` - `2024-01-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.branch.io Amazon RSA 2048 M01	`2023-09-11` - `2024-10-09`	a year	crt.sh
appipv4.link Amazon RSA 2048 M02	`2023-04-25` - `2024-05-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
Frame ID: BDC96AE8A186314FA75564E4F7ACC80F
Requests: 78 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets | by Guardio | Medium

Page URL History Show full URLs

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-orga... HTTP 301
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-orga... HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-goo... HTTP 307
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-orga... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

78
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

11
Subdomains

7
IPs

2
Countries

1469 kB
Transfer

3627 kB
Size

10
Cookies

84 Outgoing links

These are links going to different origins than the main page.

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F42ae73ee8a1e&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderUser&source=---two_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign up

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---two_column_layout_nav-----------------------new_post_topnav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/search?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6a038e71ff0f&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&user=Guardio&userId=6a038e71ff0f&source=post_page-6a038e71ff0f----42ae73ee8a1e---------------------post_header-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F42ae73ee8a1e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&user=Guardio&userId=6a038e71ff0f&source=-----42ae73ee8a1e---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F42ae73ee8a1e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=-----42ae73ee8a1e---------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D42ae73ee8a1e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=-----42ae73ee8a1e---------------------post_audio_button-----------
Title: Listen

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/natital/
Title: Nati Tal

Search URL Search Domain Scan URL

URL: http://www.guard.io/
Title: Guardio Labs

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/fbi-warns-of-search-engine-ads-pushing-malware-phishing/
Title: raised eyebrows in the FBI

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3baf692a1589355af206f4e3886a09fe8997f0b62c78c1403556285eaba40e94/detection
Title: https://www.virustotal.com/gui/file/3baf692a1589355af206f4e3886a09fe8997f0b62c78c1403556285eaba40e94/detection

Search URL Search Domain Scan URL

URL: https://www.msi.com/Landing/afterburner/graphics-cards
Title: MSI Afterburner

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/fake-msi-afterburner-targets-windows-gamers-with-miners-info-stealers/
Title: was noticed by researchers

Search URL Search Domain Scan URL

URL: https://gist.github.com/guardiolabs/2178c54367d20b0655b5cc5e9d297760
Title: https://gist.github.com/guardiolabs/2178c54367d20b0655b5cc5e9d297760

Search URL Search Domain Scan URL

URL: https://gist.github.com/guardiolabs/7f46d1adda8b0c08e76f23d9fab27fe9
Title: https://gist.github.com/guardiolabs/7f46d1adda8b0c08e76f23d9fab27fe9

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&source=---post_footer_upsell--42ae73ee8a1e---------------------lo_non_moc_upsell-----------
Title: Sign up for free

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fplans&source=---post_footer_upsell--42ae73ee8a1e---------------------lo_non_moc_upsell-----------
Title: Try for $5/month

Search URL Search Domain Scan URL

URL: https://medium.com/tag/malvertising?source=post_page-----42ae73ee8a1e---------------malvertising-----------------
Title: Malvertising

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecurity?source=post_page-----42ae73ee8a1e---------------cybersecurity-----------------
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://medium.com/tag/safe-browsing?source=post_page-----42ae73ee8a1e---------------safe_browsing-----------------
Title: Safe Browsing

Search URL Search Domain Scan URL

URL: https://medium.com/tag/google-ads?source=post_page-----42ae73ee8a1e---------------google_ads-----------------
Title: Google Ads

Search URL Search Domain Scan URL

URL: https://medium.com/tag/malware?source=post_page-----42ae73ee8a1e---------------malware-----------------
Title: Malware

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Ff776b280f31b&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&newsletterV3=6a038e71ff0f&newsletterV3Id=f776b280f31b&user=Guardio&userId=6a038e71ff0f&source=-----42ae73ee8a1e---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://guard.io/
Title: https://guard.io

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F65ea78efad16&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fetherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16&user=Guardio&userId=6a038e71ff0f&source=-----65ea78efad16----0-----------------clap_footer----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F65ea78efad16&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fetherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16&source=-----42ae73ee8a1e----0-----------------bookmark_preview----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F3182cfb12f4d&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d&user=Guardio&userId=6a038e71ff0f&source=-----3182cfb12f4d----1-----------------clap_footer----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3182cfb12f4d&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d&source=-----42ae73ee8a1e----1-----------------bookmark_preview----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F32024ad4b5fa&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fphishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa&user=Guardio&userId=6a038e71ff0f&source=-----32024ad4b5fa----2-----------------clap_footer----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F32024ad4b5fa&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fphishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa&source=-----42ae73ee8a1e----2-----------------bookmark_preview----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F4c9996a8f282&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Ffakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with-4c9996a8f282&user=Guardio&userId=6a038e71ff0f&source=-----4c9996a8f282----3-----------------clap_footer----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F4c9996a8f282&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Ffakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with-4c9996a8f282&source=-----42ae73ee8a1e----3-----------------bookmark_preview----b93ecbc3_3701_4a7c_bfee_d257c3ecf922-------

Search URL Search Domain Scan URL

URL: https://medium.com/@lerikson/how-to-find-your-next-cybersecurity-gpt-4963beaf0e61?source=read_next_recirc-----42ae73ee8a1e----0---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@lerikson?source=read_next_recirc-----42ae73ee8a1e----0---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F4963beaf0e61&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40lerikson%2Fhow-to-find-your-next-cybersecurity-gpt-4963beaf0e61&user=Lennart+Erikson&userId=bb2743fcc689&source=-----4963beaf0e61----0-----------------clap_footer----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@lerikson/how-to-find-your-next-cybersecurity-gpt-4963beaf0e61?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----42ae73ee8a1e----0---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F4963beaf0e61&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40lerikson%2Fhow-to-find-your-next-cybersecurity-gpt-4963beaf0e61&source=-----42ae73ee8a1e----0-----------------bookmark_preview----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee?source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity?source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://doublepulsar.com/?source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------
Title: DoublePulsar

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fdoublepulsar%2F4220580bfcee&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Flockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee&user=Kevin+Beaumont&userId=7db6d2df42a6&source=-----4220580bfcee----1-----------------clap_footer----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F4220580bfcee&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Flockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee&source=-----42ae73ee8a1e----1-----------------bookmark_preview----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/staff-picks-c7bc6e1ee00f?source=read_next_recirc-----42ae73ee8a1e--------------------------------
Title: Staff Picks505 stories·454 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/stories-to-help-you-levelup-at-work-faca18b0622f?source=read_next_recirc-----42ae73ee8a1e--------------------------------
Title: Stories to Help You Level-Up at Work19 stories·307 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumForTeams/list/selfimprovement-101-3c62b6cb0526?source=read_next_recirc-----42ae73ee8a1e--------------------------------
Title: Self-Improvement 10120 stories·898 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumForTeams/list/productivity-101-f09f1aaf38cd?source=read_next_recirc-----42ae73ee8a1e--------------------------------
Title: Productivity 10120 stories·822 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@ignacio.de.gregorio.noblejas/openai-just-killed-an-entire-market-in-45-minutes-818b2a8ad33e?source=read_next_recirc-----42ae73ee8a1e----0---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@ignacio.de.gregorio.noblejas?source=read_next_recirc-----42ae73ee8a1e----0---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F818b2a8ad33e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40ignacio.de.gregorio.noblejas%2Fopenai-just-killed-an-entire-market-in-45-minutes-818b2a8ad33e&user=Ignacio+de+Gregorio&userId=9b351e8113e9&source=-----818b2a8ad33e----0-----------------clap_footer----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@ignacio.de.gregorio.noblejas/openai-just-killed-an-entire-market-in-45-minutes-818b2a8ad33e?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----42ae73ee8a1e----0---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------
Title: 154

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F818b2a8ad33e&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40ignacio.de.gregorio.noblejas%2Fopenai-just-killed-an-entire-market-in-45-minutes-818b2a8ad33e&source=-----42ae73ee8a1e----0-----------------bookmark_preview----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://jsecurity101.medium.com/demystifying-dll-hijacking-understanding-the-intricate-world-of-dynamic-link-library-attacks-7a952ac8b051?source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://jsecurity101.medium.com/?source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F7a952ac8b051&operation=register&redirect=https%3A%2F%2Fjsecurity101.medium.com%2Fdemystifying-dll-hijacking-understanding-the-intricate-world-of-dynamic-link-library-attacks-7a952ac8b051&user=Jonathan+Johnson&userId=78d2ff57ed70&source=-----7a952ac8b051----1-----------------clap_footer----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://jsecurity101.medium.com/demystifying-dll-hijacking-understanding-the-intricate-world-of-dynamic-link-library-attacks-7a952ac8b051?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----42ae73ee8a1e----1---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7a952ac8b051&operation=register&redirect=https%3A%2F%2Fjsecurity101.medium.com%2Fdemystifying-dll-hijacking-understanding-the-intricate-world-of-dynamic-link-library-attacks-7a952ac8b051&source=-----42ae73ee8a1e----1-----------------bookmark_preview----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@anton.chuvakin/decoupled-siem-brilliant-or-stupid-ada2c3142b2b?source=read_next_recirc-----42ae73ee8a1e----2---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@anton.chuvakin?source=read_next_recirc-----42ae73ee8a1e----2---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/anton-on-security?source=read_next_recirc-----42ae73ee8a1e----2---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------
Title: Anton on Security

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fanton-on-security%2Fada2c3142b2b&operation=register&redirect=https%3A%2F%2Fmedium.com%2Fanton-on-security%2Fdecoupled-siem-brilliant-or-stupid-ada2c3142b2b&user=Anton+Chuvakin&userId=11065c9e943e&source=-----ada2c3142b2b----2-----------------clap_footer----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/@anton.chuvakin/decoupled-siem-brilliant-or-stupid-ada2c3142b2b?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----42ae73ee8a1e----2---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------
Title: 5

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fada2c3142b2b&operation=register&redirect=https%3A%2F%2Fmedium.com%2Fanton-on-security%2Fdecoupled-siem-brilliant-or-stupid-ada2c3142b2b&source=-----42ae73ee8a1e----2-----------------bookmark_preview----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://x-it.medium.com/how-to-find-phone-number-with-email-address-a0fa3500e0b1?source=read_next_recirc-----42ae73ee8a1e----3---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://x-it.medium.com/?source=read_next_recirc-----42ae73ee8a1e----3---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Fa0fa3500e0b1&operation=register&redirect=https%3A%2F%2Fx-it.medium.com%2Fhow-to-find-phone-number-with-email-address-a0fa3500e0b1&user=XIT&userId=3c2844c712c5&source=-----a0fa3500e0b1----3-----------------clap_footer----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://x-it.medium.com/how-to-find-phone-number-with-email-address-a0fa3500e0b1?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----42ae73ee8a1e----3---------------------b6f88792_02fb_4df3_a473_1823f88d5405-------
Title: 2

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa0fa3500e0b1&operation=register&redirect=https%3A%2F%2Fx-it.medium.com%2Fhow-to-find-phone-number-with-email-address-a0fa3500e0b1&source=-----42ae73ee8a1e----3-----------------bookmark_preview----b6f88792_02fb_4df3_a473_1823f88d5405-------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----42ae73ee8a1e--------------------------------
Title: See more recommendations

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----42ae73ee8a1e--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=post_page-----42ae73ee8a1e--------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----42ae73ee8a1e--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=post_page-----42ae73ee8a1e--------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=post_page-----42ae73ee8a1e--------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----42ae73ee8a1e--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----42ae73ee8a1e--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=post_page-----42ae73ee8a1e--------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://medium.com/business?source=post_page-----42ae73ee8a1e--------------------------------
Title: Teams

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e/ HTTP 301
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e HTTP 307
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

78 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e Show response
labs.guard.io/
Redirect Chain

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e/
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

307 KB
53 KB

682ms
677ms

Document
text/html

162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9cef62c70a4697d1f2c58207b61ab650f936ed856becf518e7097a1d6eca872

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8277eb6f2d1c4d4f-FRA
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Fri, 17 Nov 2023 12:19:02 GMT
link: <https://glyph.medium.com/css/unbound.css>; as="style"; rel="preload"
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, lite/main-20231117-105030-69cc24be15, rito/main-20231117-105030-69cc24be15, tutu/main-20231116-133756-9d46cf0246
medium-missing-time: 238
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 525
x-request-received-at: 1700223541712

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8277eb6def1c35f1-FRA
content-length: 0
content-type: text/plain;charset=UTF-8
date: Fri, 17 Nov 2023 12:19:01 GMT
location: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13

GET
H2 200 unbound.css
glyph.medium.com/css/ 18 KB
1 KB 53ms
44ms Stylesheet
text/css 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2924
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb736e2335f1-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 17 Nov 2023 14:19:02 GMT

GET
H2 200 manifest.bd42fca2.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 99ms
85ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.bd42fca2.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72db7c46c8a82efb1628d95872ed2d0e0b7385ce7d288e852d55c2c18c5b85db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: RKqXOvz3HCKldoZLMagR6EM2m84tKtn2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: V93WKM2BGP2A7BKB
age: 4198
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: y55ekObGVnMXIyY6NnS74QPjAS7mVg5Co/eMKUFYi7/SDbT1jWpQxSCmh7QAUn+NTeqyH7NWcTMzrTrqVdlmGA==
last-modified: Fri, 17 Nov 2023 06:44:17 GMT
server: cloudflare
etag: W/"6b1d551f114b63ad87f56aa787b3d8fa"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea735f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 3057.5e22bbb0.js Show response
cdn-client.medium.com/lite/static/js/ 659 KB
207 KB 100ms
86ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d4cacc612c452bdcc10a085e37f00f77d8863cb1e8fe669ca02c1156f2cb712

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: 8U1kFgMJlUNmH8qkZNp1xniyDYQNS3lm
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S9TRK1AHXC8W7BG5
age: 211809
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hkWPbHHvK1/y1PgOnLBoXr4//WBOChBIQMYHo6ZKSSXDsAgljJm06sWniTaVissh9BXx5UvePfpqj01kEJSFdQ==
last-modified: Thu, 19 Oct 2023 20:38:07 GMT
server: cloudflare
etag: W/"5cf73b47b8f9468e48683b2d39073bf2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea935f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 main.36d119b0.js Show response
cdn-client.medium.com/lite/static/js/ 754 KB
180 KB 92ms
79ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.36d119b0.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f300ff90ee98b1ad8acf6ebd7409dd8177fead0789d8f93854ad78f1ebb14c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: hTe6_mbW5puLDx3E7NCvkzEygWKNvYbH
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: V93S640SAHSHP9Q4
age: 4198
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YVgMjPtlvvEkULiC6wG+MVg0jE/GVBCg2ws8WHaoP9CDkJf96kalQxH2GpOMTNXvduIBLH/wJ3s=
last-modified: Fri, 17 Nov 2023 10:29:30 GMT
server: cloudflare
etag: W/"8ee71bdd2fd2d8cc1a58b6606fe70317"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aeaa35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 instrumentation.d6d5fe73.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 97ms
83ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.d6d5fe73.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f3f7e27c4bb5a99d6e4d13108c496731dc6449349e7a5f047532a3c28dc7a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: PR8_UBjzcoJlgN2A.8oG1hIe5RQtEjXi
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: M293RFR9X9HBSASM
age: 464920
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kDNdOFPU3ZlC9IOzLY/tgKM6VSF09peZs6Dae8i7AGLPkj85EEHCu8GNq7skeg4ZkXcxrpwv4+M=
last-modified: Thu, 19 Oct 2023 20:38:41 GMT
server: cloudflare
etag: W/"861d773929a7453a8d14dce2c15d220d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aeb535f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 reporting.2021fe63.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
937 B 77ms
64ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.2021fe63.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e114382d20a02d0ca050b5fb41beeeb8d1c63762fa2f2e2b75557a48117d365

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: EAFtMMjOBNpoIMOAp_mjLfH0fLlmjqvd
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VGFNZ7CY395RBD1K
age: 300635
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UsxPcnWIPeG8Qtif978t591tt12v6gVkOW87c/cpun0sa9LX6r826tsN9XF2emlwdALyzwpBJ48=
last-modified: Fri, 23 Jun 2023 16:13:42 GMT
server: cloudflare
etag: W/"4f45b39c86a2eb9ca7068099b34d3af6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e5e35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 120.a1050cd4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 66ms
53ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/120.a1050cd4.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a63874daccb3ac3ed721179b9daf59fc73ac9699fcd1b1af58e3e1dc0b694797

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: UTxkv1woQlLYT1TWoumXyjk.mSIYuXtz
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VPT1TZGK6T6T5G50
age: 373667
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: L9m6itdENWzlLxhG4bZ8HYiZ1tkDENsVJNmbq8rGnBaNRZ5oHOlMh7oiP4h/HeF4YH6p90p22BU=
last-modified: Thu, 19 Oct 2023 20:38:04 GMT
server: cloudflare
etag: W/"a2b81fa0451c4e8e71f81ebc5e3d199c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e5f35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1752.0a0e21e3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
10 KB 77ms
64ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.0a0e21e3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9be1ef395d225719d66914259410ea9cc8f5e486bc4aefc93b377fca48c5739e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: vBGXkvj2eltbI7OdJS6ssgn6BnIpNuCq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: FY4RXY546FNNBNPZ
age: 190165
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uXJ15pIxuGKg1XkbbB+RJyUsLnWDGbMRz9kQ2bpI8Mvno0dadH9qaF5GGRg9Z1iklnbwJCUtS08TWvoxRaVjMQ==
last-modified: Thu, 19 Oct 2023 20:38:04 GMT
server: cloudflare
etag: W/"5a77924f78b5cf0358c26576485e5300"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6135f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 6733.1d85727b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 105ms
92ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6733.1d85727b.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d3e598ba737be043c5d785d54f858660c4dd4d22805b22a550876b017830f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: 2fJFQUTf2u12vcW9GWlwyqCzuRzGu243
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: C677NQY5WTQZ3MXW
age: 299936
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tsp6ibadELIHxIyTa7q5r/Q2EQo8hNXZR1PcY4M9YfqGfV70oRNFM9mkT0f+0gLUoE8mwUn3qk0=
last-modified: Thu, 19 Oct 2023 20:38:12 GMT
server: cloudflare
etag: W/"637f2748bb252f63c1746748e78f94ae"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6335f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 4711.043615ac.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 104ms
91ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4711.043615ac.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36958875136eaa028381ba1b7c0169a46c0a3a80b12a2be773ec5e30479e3e87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: qnKQzk0b9urC.8imJsDQEceRC7r1d.6v
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S9TK1KKDE2F3TKDN
age: 192775
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kGmWokIZXCA63hQlWsi8JiljfmsaXFO3WN/4H+Urex6tqQxcSDd1IkgeP7kqvpuYyv1BW1pK4dtiqzWb+RtsLA==
last-modified: Thu, 19 Oct 2023 20:38:09 GMT
server: cloudflare
etag: W/"fa8866965099e179b25da758eb62a2da"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aeab35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 8695.09acff9e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 105ms
93ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8695.09acff9e.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82a2d5c3934b1cdc633bdc0eed2c3470c223e94f264d90e0361bbd712f10215c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: Q9.eb.3j9bi_F4R9aYemxyRBPTphB3g4
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S9TREEGE4EAAS8GK
age: 723897
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /gfcWoCaiwAOp5BRg+XYzbaOTq82MbXXlLmykFLtlhiXlVrdoq1II85/Ua6WQqr78079u375M6nmj7Aa65y0fw==
last-modified: Thu, 19 Oct 2023 20:38:14 GMT
server: cloudflare
etag: W/"d07494896a2cf9ea70fd4038c2de7413"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aead35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 4341.09a484a0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
10 KB 105ms
93ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4341.09a484a0.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c07430ac1075c62498346fe13ef2ebc6c1981eec9947dd244e5a16bff4133cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: 47iSWdqrvcoFM5KAcxTk0R9O5afyldIA
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: FDK2BJRJC88PV1F2
age: 369423
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ghpOcGZLYY7PHVvwVUqdBi4TbTqoa2l4jf1gWtJ3ioRqqSwW9JQjcsIKZ7k26DqYa4Iu5kjoxSM=
last-modified: Thu, 19 Oct 2023 20:38:09 GMT
server: cloudflare
etag: W/"d5f9495d725166e8fda884d64d8d21dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aeb035f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 3154.23d7fa54.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 90ms
78ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3154.23d7fa54.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0370a5fb05f7637305b19b6a97711886b881c21866999394ba68ef9f9dcc1937

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: WVxEhIKMrWQV5Cay7YUCpcakLG4PK0Lq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: R9BXN8A9VM27FJWW
age: 707593
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: w+kzSZXBgOqnKLat+XAm8zwXdjtY8ZnWvpOc1B8imqncs3P2VFBAwnSh6cfHVMXBSpHO6CsZLF8=
last-modified: Tue, 31 Oct 2023 17:34:05 GMT
server: cloudflare
etag: W/"e6dcfef6bdfb68af0b4e4b9afb3e5f22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aeb235f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 5203.e7a22052.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
4 KB 104ms
92ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5203.e7a22052.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46e758010f351793913ddca875cd4d6b107e4fe8b263b352c1da5b2f3d151021

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: sYZi_T_vovpyjHR0HCCODg8UWAAlZCKC
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 4G41DBY3KYNQX9MD
age: 382406
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hjUGm8MKzsmi3mkpcyxVF250ZoZi/eTMgnFDsjhhwRDoDDOvQtxbVG9a8TT+TtztvpcQlLGA70tB9JciD/fIWZr+k0YmBhsG
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"4b2a2b012f01bcd5a7880043af3823bc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aeb335f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1957.fe63a49e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 77ms
65ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1957.fe63a49e.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df605e20fe7a05e0513c248e17c5a98c7cbc43fc7017e09f74ebdffae434386f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: yV0AEjZMehDA_RIyfXUT1SkECUTzy1qb
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S9TWBY2MGHD7N9CR
age: 191704
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: S9r6TCR1rcofKONyJm1vyVv+HvVNKnRBUo6LhYm8w8IgblBc5ve989+UpTyG9hfOGisNpdZoxpqn6bwIeBGrgtAMh0ZVvTkY
last-modified: Thu, 19 Oct 2023 20:38:05 GMT
server: cloudflare
etag: W/"8b714aa6eb83b010c609afc3824ff245"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6635f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 9599.482cf798.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
8 KB 74ms
62ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9599.482cf798.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14bb73cc99b70b81f155c380e0a7e52ae9f08ff7b958fe3c73192174d69036df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: vhkd_w1zeDouPxTe2tkCOk3XmxWE.Jep
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: A5AA7WC5FA9T4E2A
age: 270880
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: nBiiqHSt2CVNBcYWiatxJPlPCxQ0dhEslIzB5Vxhj0HzpJxhnk+bnFV5Y6wFkToa1wlb/rmkjEo=
last-modified: Mon, 13 Nov 2023 16:40:06 GMT
server: cloudflare
etag: W/"87bb2349ef5420521396377a85c071a4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6735f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1711.02ed88a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 88ms
77ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1711.02ed88a9.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d480cb91595b2ac6eb8c15c15b0a344d38e4112ff2e684d718c089fb9d69ca68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: MxWZPZovk2Rr_GP59bHwNLtNMRfGl5Op
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: P4V0ERJ5YRY8ZX2B
age: 559401
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BgJPTpTYyVh3MzyR3hDRngKGYPfitgtHdDkx8OW0d/wPDZquvKLTCpyp8W3leCvnqIqhFZu3ho0nkbiqi6Js9K20wxIEMbMw
last-modified: Thu, 19 Oct 2023 20:38:04 GMT
server: cloudflare
etag: W/"add6d452f3026f039f9dc689ed1cac87"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6835f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 5268.5f96ae45.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 65ms
53ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5268.5f96ae45.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9e3d86a3c839035863ff41aa0805bc3624fe6931c7d08476a3d0f171c6076c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: JkTW5V2N5xR2gRUEO5NyzInkCcdXTMhJ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 7YV8JVSNAETQBBAD
age: 292377
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pBso4E8gvsQV+5lQgWK2+taln/NxVTlQ8HAC3N1d5OLOUj/gpiDMKYOAmCfhPAH0NyozPAPVqV8=
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"06ed1734545e9fc9acc28f487a302996"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6a35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 9114.49b6b911.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 96ms
84ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9114.49b6b911.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24183a1040266651c9220130eeb24ae69eaf1aea2f6cdf2928c47c1d28ec616f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: 5HP3EOnC9v2XvBoz8LhP.2aoPkreALV7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3N219REVC9ZYPNYQ
age: 450135
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pMocFrYuTvZNcT+E5EWJl91OyGLMXAw6jBtIWQbO3ZI5fxKtuj3sgvOVN/RdHdqMoNtZ4/8ChKE=
last-modified: Thu, 19 Oct 2023 20:38:15 GMT
server: cloudflare
etag: W/"8b63f526f073a7a5c4fc7961b42c1594"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6b35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 5459.80a6ee18.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
9 KB 82ms
71ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5459.80a6ee18.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dfdb6f5b4806f1c38df4fe8759a9de97db51013d581eab964f30e0168c63824

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: Xo5Pr3Ij5Cgw5oTeyQue1xJQ0yv8JEXg
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CHZKXH56PFAXAFEG
age: 458809
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BBd7tWA52shZmT0c5SCc8moGJkiC4G7uHUttpvXAepUdBi0mMnRJ6imZ/VrcHJiBUjMtdM45pAI=
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"6e1344575b07708a7b94c40d88f89dce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb739e6d35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 6804.4b5be6c2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 92ms
80ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6804.4b5be6c2.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82e19483dee96a24ba028e9c3d16d27a9079a4d0032676f513f6eba560eac9f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: EZyZW6eqXkkiWlB0Nuzac0EQE.s6m2iG
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEESS890RAYCM30J
age: 458521
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 87Z26BnnCe9E5lVFyaLjM1UNj4zigQD3u9pyT13XcKewXBXnqBQIsbAQmHJnr1nP4AvMYNfpI7Np3tejqahhtbDHIMU2DfXUEgrlfeISqv0=
last-modified: Thu, 19 Oct 2023 20:38:12 GMT
server: cloudflare
etag: W/"5b16ee1dad1b26f4caa560655966a56a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae8235f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 9174.0ef07a6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 107 KB
27 KB 84ms
73ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9174.0ef07a6a.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759d8ad5cca09ac8f038153626cad55a19ffb1844505994aaf5c5552edeb843c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: gm72MSvDy.jNZgvVB_az.lxubLqc5YEm
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VA93ZVEKR7WA51DG
age: 292024
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: bz8BYR4LaoQyOUF6olV/tGmBbyQT7LflWOPObGz/Pifhn6u4+EO2DmtXX4ug56/gIDX3MRtr7JA=
last-modified: Wed, 25 Oct 2023 15:36:17 GMT
server: cloudflare
etag: W/"71b11c3ae0639915f18471b1aa05d1be"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae8535f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 4129.ee8ae2c8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 96ms
86ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4129.ee8ae2c8.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37a92f6f729051d8f507d8e2102fb6ff65523e1cac9a02c5cf73f1503b446dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: GKCEAjCz9C3rq4gDy5D41ahGcAUvJYws
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: H0EASZR7MFXZZD84
age: 541378
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0GnO24kb9SA99yzr5ZJIUdJw3Hr4vBU6LXE+g6K6lbBNH1U5XI/06xIezMGpyW8JJCXm+j4p9aA=
last-modified: Tue, 31 Oct 2023 13:31:10 GMT
server: cloudflare
etag: W/"c63ba7334aaaa7c433116323b85dddd8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae8835f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 8580.feeb2549.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
2 KB 82ms
72ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8580.feeb2549.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab4e6c77ee5e6178222bb7deefc0c6d5b0e2b3ab2df5d8623da00840809e639d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: zzAbVdzU1EHaoBWemZXYawSAaPKOliQq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y65FVQ7NTEJBXQ6Y
age: 723897
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cZohDeNRwUgaONTLit+xJE3dfHFvPeoV85c+KqhEP6x9pyiEj9eN5SLHPyGrwvD8EB0RQ7cMwU0=
last-modified: Thu, 19 Oct 2023 20:38:14 GMT
server: cloudflare
etag: W/"807d78fe3a15361dfb7d56b056c4ff12"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae8c35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1802.e60e66c7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 83ms
72ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1802.e60e66c7.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0792f6cc38339e0b554fe326c690d56a96806ed0dc474ce6f6d0aba18f765e6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: iFxMqoWpDsIP.M1Dh8UdRxr9rkX3Q.xu
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEEZ8ACX5CRNCYNP
age: 640119
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GmoCpwWBpnlGUGxFmg/R0MLAntZ3FazjO29eWAUDM/fEP4am387VYIqhUfMJ4g04/bWtVc/JWVznC4TZ+wU2GfuptkhJ80wFafmRdvfH6cs=
last-modified: Thu, 19 Oct 2023 20:38:05 GMT
server: cloudflare
etag: W/"635af3b7dfe39ee73036241fbfcab739"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae8e35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 2295.fc4d4022.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 94ms
84ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2295.fc4d4022.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0600ce05b2a4074728f771e0d80181ae3083c2ecfac70ce6d2c922673a353c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: 2NwUdLtAzMdae9WdtESLR9bi4taNLBN9
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RN1SC7PSR11DVHHF
age: 549976
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Nk8C24PuV8REw+FpQmN+DRyJuvIdST32RYZhzlkD8UQ2rhGN7INiPWpMMwoiKrObDs9rpnlc1Z0=
last-modified: Thu, 19 Oct 2023 20:38:05 GMT
server: cloudflare
etag: W/"918104db6e0ba0217d96d70c6d3e2628"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae9035f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 4078.da7800a7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 89ms
79ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4078.da7800a7.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e365238b8f3b49688bb6f1344496c0e25a3ebe4302c859856e937f18f403d6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: rrQLGST4J4fLi10qQKaFEEGE2uCdLnIB
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEEK1BGB3N4MFTY0
age: 293024
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: rBuWeu9r/5FPo9xPw2Lijm9m5nk+uBuog2tD8q2jjHwccCJKHesBrpQmZ/ZGtOfLgb5muN/Zq2CDQP8/tbCtwg==
last-modified: Thu, 19 Oct 2023 20:38:08 GMT
server: cloudflare
etag: W/"6fe9bb13da7ba28df60248af83559170"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae9235f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 8883.c8b03d13.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 30 KB
10 KB 87ms
77ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8883.c8b03d13.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6371dbf8600466f6a05a06c3372f54b5df5ea4ce7e2145571a7f72886d61d879

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: rqCBYLKOv.8NNDtk1ZWJs0i2M.e6fYOU
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 57Q85NHRR4043R5E
age: 164574
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: wuWZa7C2RdY4I2iSAi/fZbqSkRPfrct1na/WxR4Eo3Z8UpsLjVo7kojWZijKyuO84f5zvVpJFpU=
last-modified: Wed, 01 Nov 2023 19:54:54 GMT
server: cloudflare
etag: W/"db9f4f034f186af2c5d3eb5b06d84be1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae9635f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 2550.32c9e069.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
6 KB 91ms
81ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2550.32c9e069.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

281b3901b377860080d759708dc49406b0be870bc938d41bd55a02ebe1deb0b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: b9H3V5jFH3lmkluqZtKJQVDgeLo.eMEF
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEENRXZCA3XKGC19
age: 292024
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j9bAoYqiLwN0SvNQO45wzk93Lhl71no45hQPt+oOhc6fHziATKMuxLH6Wmk3GcVZD2SWqxm86IocJHXYvV+QXo30WkBf3ssTAflzjreeUj4=
last-modified: Thu, 19 Oct 2023 20:38:06 GMT
server: cloudflare
etag: W/"6f11e358701c76c0afe6c9c7077e53d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae9935f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 9408.a4724b16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
5 KB 101ms
92ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9408.a4724b16.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64800dcf33a384dab614eccb9bf5bc57cbe8c73387994772a5a4b1cec98b498c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: cVV85MQMD3NN3XFH12lgxrMf86O7iFnu
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEEVM46RV2WQDG40
age: 107021
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: aeyeAd44gitFUI6AUyktDQR7kIsoLu4uwhCHAriePNAFdAh13HMFWNNZkeKGOwZoIhHRg7/SNbNyj4qD80/HCy4IeRkRMomY
last-modified: Thu, 19 Oct 2023 20:38:15 GMT
server: cloudflare
etag: W/"db0e25a1b93644d226020decb0ee6613"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73ae9c35f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 397.2e086ee7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 25 KB
6 KB 94ms
85ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/397.2e086ee7.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9427605448321a75fc6fa3f273e0fb65c9669017c6ba9bf4a38133defebef75b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: TwMm_lv0CfT2CH0Oj8I4uUnyBcWDRMdF
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1M3454SMFR3CMNAA
age: 787757
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ka0gSB46zKsXx2eCvynrW7FBUHn5SMnjfTV/iNd8vR1XADKLfiRZ0nz1Nt6ZTCGvNjRoRVFwHfY=
last-modified: Tue, 24 Oct 2023 20:03:53 GMT
server: cloudflare
etag: W/"28e7bd672c499809bf07734c316283e3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea035f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 9150.42fafb2e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
2 KB 129ms
120ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9150.42fafb2e.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3df22782693c9af50722c8e68c3bd5f0f2248d53b79cd278c2f0953d7b9d4571

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: Juh7s6eqIR5VpuEFNUcPQ7B8LwsnUpKw
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RN7HXARNCBXX8B4K
age: 449061
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JdEWkQYV5f8lXbdQuVjf4Ny8CryboZNimKTWaKr5gu64oXoUcCZKfYTDEEee4o0MurDa9dtzit4=
last-modified: Thu, 19 Oct 2023 20:38:15 GMT
server: cloudflare
etag: W/"78132c40ece3187924f4251503c0fe2e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea135f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 5005.b5d4a37c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
3 KB 94ms
85ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5005.b5d4a37c.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed871cdd5c0d8def9f024a161b7b8e8cef778a47955c05a27fbdcf023b9fa4b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: RisC25ILXQZI5zUiv0YF80pfrgqVmer.
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEESR8DSNFTRDXX8
age: 464920
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: gDwQxxkhjYaqXGZpDeHuM/5206TkQdKZjAI80x8uyXp+PySrrr7QAvKdE31wzprOOt+qteOAvKnB/kENdCZAkw==
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"a72dda426ce4412cf5cdf2bd365c57c4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea235f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 2393.c616f1d3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 45 KB
16 KB 100ms
91ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2393.c616f1d3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c796e07d66372e6ccc03188b7a4482d6ac6955591cbca0723784af67b5805913

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: cXgDVD4fJFh_S_haHlPjNBoq67BYnG3a
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: A5AARDFYBMB0AD0M
age: 270880
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WoSIulQbRjh/w0no8DrHxg7m4MDpuAGCW9sG90IQgyDla2u3F+d82ytDrxrpCI4dKUscqW6wzms=
last-modified: Mon, 13 Nov 2023 20:23:46 GMT
server: cloudflare
etag: W/"ffc45fe8d75dae6569cbb1d0a7b30f1e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea335f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 5404.d8739341.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 89ms
80ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5404.d8739341.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dfac81a0410ed02d8be292a5f187f96305bf57e17a668090d2ce69aee1ce9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: ZrXSrAX.RwyyDZXU3FagsJnjKNyR6Cim
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 9K57EDWADRGJRER7
age: 632698
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: zn2sbe5nF7/W7U6/JqIoqR5S42b99lcrGUvjeSlHXcpRSqXwmS99ctJ7kxjYxmXZaVXCioZffQdC2A/8f+k9vhrXbl0zMKe8
last-modified: Thu, 02 Nov 2023 18:44:08 GMT
server: cloudflare
etag: W/"243e34e22fc0c7f8fd1960513d508ba8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea435f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 PostPage.MainContent.a0ce20e6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 183 KB
45 KB 94ms
85ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.a0ce20e6.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31093433d84ab20771fe8c27f7d06cb71ee1539af828e27e5d57c0dea25d3cdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
x-amz-version-id: mMHYiOPq1ZtZh1Uk5xUfbnagx10fTB4z
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: P4JT9KK08D4A1BMJ
age: 159500
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NhrD1rsEd4mo7SHBWbZUchA/OIq7baOaHVNJ+r1MpeB9KC7d6T1yxW0xV4ZZO+JONLCrxQfc0Gk=
last-modified: Wed, 15 Nov 2023 15:24:22 GMT
server: cloudflare
etag: W/"0e81400e35c0651e7aedd6fda6060de8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb73aea535f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 397ms
65ms Script
text/javascript 104.16.56.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.56.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8277eb7599a403a6-FRA

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 377ms
41ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 283931
x-envoy-upstream-service-time: 36
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb173685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 366ms
31ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 1421140
x-envoy-upstream-service-time: 38
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb1a3685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 378ms
43ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 551229
x-envoy-upstream-service-time: 71
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb1b3685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 384ms
50ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 643628
x-envoy-upstream-service-time: 49
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75fb2c3685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 365ms
30ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 1312897
x-envoy-upstream-service-time: 31
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb233685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 385ms
50ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 1310802
x-envoy-upstream-service-time: 105
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb213685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 371ms
37ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4e595378a4c2585a1eb91b7f65ed0526940ed8fd37a31810cd1e2eb2920b12

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 787919
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb1d3685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 359ms
44ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 373659
x-envoy-upstream-service-time: 70
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb223685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 350ms
48ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 383603
x-envoy-upstream-service-time: 55
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb75eb1f3685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/ 1 KB
2 KB 46ms
26ms Image
image/png 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 182950
x-envoy-upstream-service-time: 30
content-disposition: inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc: h3=":443"; ma=86400
content-length: 1310
x-request-id: 98f220a4-37b9-49de-bd4d-096d3dabbb3b
sepia-upstream: medium
server: cloudflare
etag: "qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb743f5035f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1*s7SJaF9dODo7rWqa2rFQ6Q.png
miro.medium.com/v2/resize:fill:88:88/ 6 KB
6 KB 49ms
29ms Image
image/png 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:88:88/1*s7SJaF9dODo7rWqa2rFQ6Q.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3177c0013737d38f7a9fc5f06b3e7ba3d6d7ea0d02406d8c5beb176d26b701ab

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:02 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 351598
x-envoy-upstream-service-time: 139
content-disposition: inline; filename="1*s7SJaF9dODo7rWqa2rFQ6Q.png"
alt-svc: h3=":443"; ma=86400
content-length: 5653
x-request-id: 04fe70da-06e8-4bf2-9c67-c2a2db208d44
sepia-upstream: medium
server: cloudflare
etag: "9ivaNyhTKaKecaYmZr68Fn9V98S0df7YQu7TMR33mwc/RImIzYjQ4OTY4NWY1ZDM4M2EzYmFkNmE5YWRhYjE1MGU5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb743f5335f1-FRA
expires: Sat, 16 Nov 2024 12:19:02 GMT

GET
H2 200 1*r3OOabtRnFMn_7VwyvkjNQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 18 KB
19 KB 1171ms
1152ms Image
image/webp 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*r3OOabtRnFMn_7VwyvkjNQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76c34eae20e4ae420ba44ee11acdc26a0d54c18cd03296a65101d3bc7593d978

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 737
content-disposition: inline; filename="1*r3OOabtRnFMn_7VwyvkjNQ.webp"
alt-svc: h3=":443"; ma=86400
content-length: 18848
x-request-id: de8e2f78-9834-43d4-90fb-a27330cb78f1
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImFmNzM4ZTY5YmI1MTljNTMyN2ZmYjU3MGNhZjkyMzM1Ig"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb743f5435f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

GET
H2 200 1*Nhgz4O-kugq-iA0ZyewdJQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 14 KB
14 KB 646ms
626ms Image
image/webp 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*Nhgz4O-kugq-iA0ZyewdJQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bfe36ba78327a014b19111e978f4925c57e08ef282381672accc4548e01198f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 475
content-disposition: inline; filename="1*Nhgz4O-kugq-iA0ZyewdJQ.webp"
alt-svc: h3=":443"; ma=86400
content-length: 14048
x-request-id: d5f8b66e-5f84-4c0d-b21a-ce49109ec21d
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjM2MTgzM2UwZWZhNGJhMGFiZTg4MGQxOWM5ZWMxZDI1Ig"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb743f5735f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

GET
H2 200 1*bp6OLgDK6uXUrwKumwLNYw.png
miro.medium.com/v2/resize:fit:720/format:webp/ 24 KB
25 KB 657ms
638ms Image
image/webp 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*bp6OLgDK6uXUrwKumwLNYw.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cb495b2e2fa122610f565a47b327fd53efcc27f253c5d513db42888b28220c4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 489
content-disposition: inline; filename="1*bp6OLgDK6uXUrwKumwLNYw.webp"
alt-svc: h3=":443"; ma=86400
content-length: 25010
x-request-id: 0c6f3156-0f65-4dab-979c-80e179897d8a
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjZlOWU4ZTJlMDBjYWVhZTVkNGFmMDJhZTliMDJjZDYzIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb743f4d35f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

GET
H2 200 1*o6dnII4nvVrYo1tkX4rSlQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 18 KB
18 KB 770ms
754ms Image
image/webp 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*o6dnII4nvVrYo1tkX4rSlQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e83b7d6faf5d6660a5a1362b1488cf342b71ef9242ab72a3fe9b4757400870c8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 614
content-disposition: inline; filename="1*o6dnII4nvVrYo1tkX4rSlQ.webp"
alt-svc: h3=":443"; ma=86400
content-length: 18426
x-request-id: 068a197e-e735-4906-97d3-c8563f4f0c1a
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImEzYTc2NzIwOGUyN2JkNWFkOGEzNWI2NDVmOGFkMjk1Ig"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb743f5835f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

GET
H2 200 1*49e3qzis_eaXTI3gmygWLQ.png
miro.medium.com/v2/resize:fit:720/format:webp/ 62 KB
62 KB 1628ms
1627ms Image
image/webp 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*49e3qzis_eaXTI3gmygWLQ.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c86e6bb53fc3a7d7fa29e64b69f6b20d95f5968ee9b63e739dddde2381951fdc

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:04 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 1446
content-disposition: inline; filename="1*49e3qzis_eaXTI3gmygWLQ.webp"
alt-svc: h3=":443"; ma=86400
content-length: 63004
x-request-id: f6c699d0-b85d-4df7-ad4f-cd8ce2eee441
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImUzZDdiN2FiMzhhY2ZkZTY5NzRjOGRlMDliMjgxNjJkIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb746f8435f1-FRA
expires: Sat, 16 Nov 2024 12:19:04 GMT

POST
H2 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 189ms
188ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.36d119b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, clientele/main-20231012-152649-b8092c91fb
x-envoy-upstream-service-time: 18
cf-ray: 8277eb7968234d4f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 2230.c546f16c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 64ms
63ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2230.c546f16c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.bd42fca2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf9e6a6362e194c2e0d66aec3b1e207810fcd0eb794937c01e215478b29bc182

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
x-amz-version-id: xWJf__tEGtfK6SYsYt3.b.Ctl1FYrL2e
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NWQA4V69B6R8CXEC
age: 125137
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YpocriCW8Y4fQGU/OIaMp0zZkBtCqHFtQKKf20MwZhFDFCTGB8/FCcpPV8nbpA1C7mqspJLXPUUThBby4hZxPtjI2TRsg3xy
last-modified: Thu, 19 Oct 2023 20:38:05 GMT
server: cloudflare
etag: W/"5b5ebdea4bda0086b419f1dc8ca91a75"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb796dfd35f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

POST
H2 200 graphql Show response
labs.guard.io/_/ 4 KB
712 B 306ms
306ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aac40bd7aec347bca142c24eb275644e2c46bcf7a9fd828e1560a25f5e3d77a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 149
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"e1c-Zg3SK/fa9321HJhiNEG3vuakre0"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15, tutu/main-20231117-075347-8d35ca1572
cf-ray: 8277eb7968274d4f-FRA
x-request-received-at: 1700223543355

POST
H2 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 164ms
163ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.36d119b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, clientele/main-20231012-152649-b8092c91fb
x-envoy-upstream-service-time: 12
cf-ray: 8277eb7968294d4f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 GiveTipButton.7844a2d2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 42ms
41ms Script
application/javascript 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/GiveTipButton.7844a2d2.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.bd42fca2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc5cb8bee960b5d5fd591fde3730e4d20198f53a4883b19f1a36d072b7f4e0a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
x-amz-version-id: 5wxFaPBbZuXVEH4zg8t9Fz46CDAnJYq7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: JQK49W551XWWKQSG
age: 103124
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oBPvZ/DiAaFAgghVdZX2+M09eUH6G+njMO6u8DUApB9Iwy6IdMwtFem7S71xjWYJ50nva9jh/4KJTUiEPhXdOg==
last-modified: Thu, 19 Oct 2023 20:38:24 GMT
server: cloudflare
etag: W/"c9d3c6b5a486ea6dcc919c927917cf19"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8277eb79ee9a35f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

GET
H2 200 gt-super-400-normal.woff
glyph.medium.com/font/4a44748/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
13 KB 32ms
32ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/4a44748/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/gt-super-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c05a07ac09c244b63a1755d524e094c32a18072335fb6cfc7f13da9cfe3eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 1334908
x-envoy-upstream-service-time: 114
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8277eb7a99693685-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 16 Nov 2024 12:19:03 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 233 KB
82 KB 392ms
19ms Script
application/javascript 142.250.186.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7JY7T788PK

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

01747862519f52b05eb23aec22f260d36860386766d2baec8998ca87820f9589

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83555
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Nov 2023 12:19:03 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 71 KB
22 KB 62ms
14ms Script
text/javascript 18.245.86.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-31.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6b3106a5a411804e9ee3be2158fb491408aa4dc923e03a0c74376f30bc323333

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: UkfElG6yIzo.BOEWL6zP4sMZe23_jxRr
content-encoding: gzip
via: 1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront)
date: Fri, 17 Nov 2023 12:15:10 GMT
last-modified: Thu, 14 Sep 2023 19:53:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P6
age: 234
etag: "17a75c4dd4a7b15a4695cb6822521c62"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 22162
x-amz-cf-id: LQocl6QvgYJHQsWjvggc8fGSVXAdTpmkDltKyBU2CBLfxWITG4pn3w==

GET
H2 200 5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74
miro.medium.com/v2/resize:fit:0/ 300 KB
300 KB 26ms
25ms Image
image/png 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:0/5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 202196
x-envoy-upstream-service-time: 124
content-disposition: inline; filename="5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74.png"
alt-svc: h3=":443"; ma=86400
content-length: 306868
x-request-id: c9c5004a-65a6-4bbc-9835-64d2f64bd4d2
sepia-upstream: medium
server: cloudflare
etag: "yj0WO6sFU4GCciYUBWjzvvfqrBh869doeOC2Pp5EI1Y/RIjIwZDEwN2Y4NjUyZGRjYWYzMDBkNGYxNjllNjMwODQ5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8277eb7abfd935f1-FRA
expires: Sat, 16 Nov 2024 12:19:03 GMT

POST
H2 200 graphql Show response
labs.guard.io/_/ 129 B
231 B 184ms
184ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

109bd4bbc20925d11b737c88645af9026fa4d893e09005ebdddc58c9173f2985

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"81-4EWxeljzbpBuOAZoFKfJdCpLo+0"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15
cf-ray: 8277eb7c3b064d4f-FRA
x-request-received-at: 1700223543815

POST
H2 200 graphql Show response
labs.guard.io/_/ 80 B
275 B 165ms
164ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: AvatarMenuQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 21
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"50-uwdNQiS1cauYvMsRotgPVGuGSSE"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15
cf-ray: 8277eb7c3b0a4d4f-FRA
x-request-received-at: 1700223543808

POST
H2 200 graphql Show response
labs.guard.io/_/ 974 B
530 B 189ms
187ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d52136e643ff5d4004628d30b028617d549afa62ddfceb48091376c7a4e667cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 58
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"3ce-vqjK/9UY2dlT6WOH7oQeNGd6L/U"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15, tutu/main-20231117-075347-8d35ca1572
cf-ray: 8277eb7c3b184d4f-FRA
x-request-received-at: 1700223543800

POST
H2 200 graphql Show response
labs.guard.io/_/ 210 B
275 B 189ms
188ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

806613855b2e3ea0c9e6ca2be9bc19d17aff7be9744f14cf1e5de87c6c55450d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 47
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-bzbtSoQEeIuJEv7re/BuYcIly2Y"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15, tutu/main-20231117-075347-8d35ca1572
cf-ray: 8277eb7c3b1c4d4f-FRA
x-request-received-at: 1700223543809

POST
H2 200 graphql Show response
labs.guard.io/_/ 27 B
253 B 181ms
180ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
content-length: 27
x-xss-protection: 0
server: cloudflare
etag: W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15
cf-ray: 8277eb7c3b1e4d4f-FRA
x-request-received-at: 1700223543818

POST
H2 200 graphql Show response
labs.guard.io/_/ 96 B
219 B 201ms
200ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38fee571b34dfd85de8f16ee665dc12c5686d6940737b5ca036fe621db52ae56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 59
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"60-IG4p1kXe2Q1Y60HwxBrIYyYd7t4"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15, tutu/main-20231117-075347-8d35ca1572
cf-ray: 8277eb7c4b214d4f-FRA
x-request-received-at: 1700223543806

GET
H2 200 _r Show response
app.link/ 91 B
639 B 503ms
168ms Script
text/javascript 65.9.66.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.80.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.56 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-56.fra56.r.cloudfront.net

Software

openresty /

Resource Hash

0084cc2a733c1f8c865bad9fc6df8e16a5f718df7a64e79e4a6f746b8d7758f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 12:19:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
server: openresty
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop: FRA56-C1
etag: W/"5b-nVbs3kxnpO+JXAwWDHZutj6MXXE"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: FaGgRioHTDcJdQTudlIc_5BmY0Pq_haMAEiUFdpvIgcM62V7_cvDMA==

POST
H2 200 graphql Show response
labs.guard.io/_/ 81 B
238 B 194ms
194ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: e5fc117c63e6274
medium-frontend-path: /masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
medium-frontend-app: lite/main-20231117-105030-69cc24be15
apollographql-client-version: main-20231117-105030-69cc24be15
ot-tracer-spanid: 154f9ec87bfbf93c

Response headers

date: Fri, 17 Nov 2023 12:19:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"51-hbfNDSGVO0/XLJV9LgsKsOBLP4E"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, rito/main-20231117-105030-69cc24be15
cf-ray: 8277eb7daca34d4f-FRA
x-request-received-at: 1700223544037

POST
H2 204 collect
region1.google-analytics.com/g/ 0
252 B 362ms
31ms Ping
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7JY7T788PK&gtm=45je3b81v9123887712&_p=1700223543468&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=550099668.1700223544&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700223544&sct=1&seg=0&dl=https%3A%2F%2Flabs.guard.io%2Fmasquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e&dt=%E2%80%9CMasquerAds%E2%80%9D%20%E2%80%94%20Google%E2%80%99s%20Ad-Words%20Massively%20Abused%20by%20Threat%20Actors%2C%20Targeting%20Organizations%2C%20GPUs%20and%20Crypto%20Wallets%20%7C%20by%20Guardio%20%7C%20Medium&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3625
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7JY7T788PK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 12:19:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.guard.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
691 B 526ms
183ms XHR
application/json 65.9.66.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-49.fra56.r.cloudfront.net

Software

Resource Hash

b06cd3b7df48e5e342286c7055ce46e9392593448996c956b1e8b4e6418854f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 17 Nov 2023 12:19:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 3c9f7d1b-513e-4740-8335-5b5f2a4881f3-2023111712
content-length: 316
x-amz-cf-id: 6xaJBImscSRQa6nTd9WVWs9As2Mcx5uKWMk29DK2eqRs_o3tklq6bw==

POST
H2 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 168ms
167ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.36d119b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Nov 2023 12:19:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572, clientele/main-20231012-152649-b8092c91fb
x-envoy-upstream-service-time: 10
cf-ray: 8277eb8178854d4f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 rum Show response
labs.guard.io/cdn-cgi/ 0
157 B 19ms
19ms XHR
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type: application/json

Response headers

date: Fri, 17 Nov 2023 12:19:04 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://labs.guard.io
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8277eb8178884d4f-FRA

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
434 B 243ms
242ms XHR
application/json 65.9.66.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-49.fra56.r.cloudfront.net

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 17 Nov 2023 12:19:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 19d0d4527e1b4fc1826485c01327bdab-2023111712
content-length: 28
x-amz-cf-id: a9gAVRETh5x8l8zpDKwadhf0EDTuJDpYFFr7q-qDB6yp91aq1VTuNg==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
434 B 326ms
324ms XHR
application/json 65.9.66.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-49.fra56.r.cloudfront.net

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 17 Nov 2023 12:19:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 75bdadc1b8b24c9c8e6918e3f24adeee-2023111712
content-length: 28
x-amz-cf-id: cBMnrGCtySLVxt2gIbxgGOm-QuDv-DFV0hOAo-NClK78rgP9bnPqeg==

POST
H2 200 batch Show response
labs.guard.io/_/ 17 B
175 B 326ms
321ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.36d119b0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type: application/json

Response headers

date: Fri, 17 Nov 2023 12:19:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json
medium-fulfilled-by: edgy/8.4.0, valencia/main-20231117-074043-8d35ca1572
x-envoy-upstream-service-time: 140
cf-ray: 8277eb98c9844d4f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 17

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.labs.guard.io/	1969-12-31 23:59:59	Name: __cfruid Value: 3869dc73325a0011a04c3a8fb165a02bd6ed8b49-1700223540
.medium.com/	1970-01-21 01:04:05	Name: uid Value: lo_bc34186befcc
.medium.com/	1970-01-21 01:04:05	Name: sid Value: 1:JfMrlkiLCNWN0sHr7FoOQGIPd6BNrzgQKBi2FObnCN1+/mRdZi47yOBfNl2Ck2ZK
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 07db9365a5c325a1fc3d2eb1e2ab9382c6d6db83-1700223541
labs.guard.io/	1970-01-21 01:04:05	Name: uid Value: lo_bc34186befcc
labs.guard.io/	1970-01-21 01:04:05	Name: sid Value: 1:yM65nqQ6Sn6I2UA7l0gLxO5C1elLHdxIc/RSXIuJM/YFWU6poB8etIFbGTPHrKwI
labs.guard.io/	1970-01-20 16:17:04	Name: _dd_s Value: rum=0&expire=1700224443250
.guard.io/	1970-01-21 01:53:03	Name: _ga_7JY7T788PK Value: GS1.1.1700223544.1.0.1700223544.0.0.0
.guard.io/	1970-01-21 01:53:03	Name: _ga Value: GA1.1.550099668.1700223544
.app.link/	1970-01-21 01:02:39	Name: _s Value: pH%2B9IL%2BIP3yVZKI5WQHdfVGsHkyYuSUAIEbpBXBb%2BzcM9noTIoCd1U%2BkppRnmMU7

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e?gi=a77a7d880e5d(Line 41) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
labs.guard.io
medium.com
miro.medium.com
region1.google-analytics.com
static.cloudflareinsights.com
www.googletagmanager.com
104.16.56.101
142.250.186.104
162.159.153.4
18.245.86.31
216.239.32.36
65.9.66.49
65.9.66.56
0084cc2a733c1f8c865bad9fc6df8e16a5f718df7a64e79e4a6f746b8d7758f9
01747862519f52b05eb23aec22f260d36860386766d2baec8998ca87820f9589
0370a5fb05f7637305b19b6a97711886b881c21866999394ba68ef9f9dcc1937
0600ce05b2a4074728f771e0d80181ae3083c2ecfac70ce6d2c922673a353c14
0792f6cc38339e0b554fe326c690d56a96806ed0dc474ce6f6d0aba18f765e6e
0aac40bd7aec347bca142c24eb275644e2c46bcf7a9fd828e1560a25f5e3d77a
0c4e595378a4c2585a1eb91b7f65ed0526940ed8fd37a31810cd1e2eb2920b12
109bd4bbc20925d11b737c88645af9026fa4d893e09005ebdddc58c9173f2985
14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e
14bb73cc99b70b81f155c380e0a7e52ae9f08ff7b958fe3c73192174d69036df
1f3f7e27c4bb5a99d6e4d13108c496731dc6449349e7a5f047532a3c28dc7a37
24183a1040266651c9220130eeb24ae69eaf1aea2f6cdf2928c47c1d28ec616f
281b3901b377860080d759708dc49406b0be870bc938d41bd55a02ebe1deb0b7
2bfe36ba78327a014b19111e978f4925c57e08ef282381672accc4548e01198f
31093433d84ab20771fe8c27f7d06cb71ee1539af828e27e5d57c0dea25d3cdb
3177c0013737d38f7a9fc5f06b3e7ba3d6d7ea0d02406d8c5beb176d26b701ab
36958875136eaa028381ba1b7c0169a46c0a3a80b12a2be773ec5e30479e3e87
37a92f6f729051d8f507d8e2102fb6ff65523e1cac9a02c5cf73f1503b446dfc
38fee571b34dfd85de8f16ee665dc12c5686d6940737b5ca036fe621db52ae56
3df22782693c9af50722c8e68c3bd5f0f2248d53b79cd278c2f0953d7b9d4571
3dfdb6f5b4806f1c38df4fe8759a9de97db51013d581eab964f30e0168c63824
3e114382d20a02d0ca050b5fb41beeeb8d1c63762fa2f2e2b75557a48117d365
40c05a07ac09c244b63a1755d524e094c32a18072335fb6cfc7f13da9cfe3eb9
46e758010f351793913ddca875cd4d6b107e4fe8b263b352c1da5b2f3d151021
4dfac81a0410ed02d8be292a5f187f96305bf57e17a668090d2ce69aee1ce9bf
4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14
5cb495b2e2fa122610f565a47b327fd53efcc27f253c5d513db42888b28220c4
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
6371dbf8600466f6a05a06c3372f54b5df5ea4ce7e2145571a7f72886d61d879
64800dcf33a384dab614eccb9bf5bc57cbe8c73387994772a5a4b1cec98b498c
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a
6b3106a5a411804e9ee3be2158fb491408aa4dc923e03a0c74376f30bc323333
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
72db7c46c8a82efb1628d95872ed2d0e0b7385ce7d288e852d55c2c18c5b85db
759d8ad5cca09ac8f038153626cad55a19ffb1844505994aaf5c5552edeb843c
76c34eae20e4ae420ba44ee11acdc26a0d54c18cd03296a65101d3bc7593d978
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
806613855b2e3ea0c9e6ca2be9bc19d17aff7be9744f14cf1e5de87c6c55450d
82a2d5c3934b1cdc633bdc0eed2c3470c223e94f264d90e0361bbd712f10215c
82e19483dee96a24ba028e9c3d16d27a9079a4d0032676f513f6eba560eac9f3
8d3e598ba737be043c5d785d54f858660c4dd4d22805b22a550876b017830f6b
9427605448321a75fc6fa3f273e0fb65c9669017c6ba9bf4a38133defebef75b
9be1ef395d225719d66914259410ea9cc8f5e486bc4aefc93b377fca48c5739e
9d4cacc612c452bdcc10a085e37f00f77d8863cb1e8fe669ca02c1156f2cb712
9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4
a63874daccb3ac3ed721179b9daf59fc73ac9699fcd1b1af58e3e1dc0b694797
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ab4e6c77ee5e6178222bb7deefc0c6d5b0e2b3ab2df5d8623da00840809e639d
b06cd3b7df48e5e342286c7055ce46e9392593448996c956b1e8b4e6418854f1
b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b9e3d86a3c839035863ff41aa0805bc3624fe6931c7d08476a3d0f171c6076c6
c07430ac1075c62498346fe13ef2ebc6c1981eec9947dd244e5a16bff4133cee
c796e07d66372e6ccc03188b7a4482d6ac6955591cbca0723784af67b5805913
c86e6bb53fc3a7d7fa29e64b69f6b20d95f5968ee9b63e739dddde2381951fdc
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
cf9e6a6362e194c2e0d66aec3b1e207810fcd0eb794937c01e215478b29bc182
d480cb91595b2ac6eb8c15c15b0a344d38e4112ff2e684d718c089fb9d69ca68
d52136e643ff5d4004628d30b028617d549afa62ddfceb48091376c7a4e667cb
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee
dc5cb8bee960b5d5fd591fde3730e4d20198f53a4883b19f1a36d072b7f4e0a0
df605e20fe7a05e0513c248e17c5a98c7cbc43fc7017e09f74ebdffae434386f
e365238b8f3b49688bb6f1344496c0e25a3ebe4302c859856e937f18f403d6a2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83b7d6faf5d6660a5a1362b1488cf342b71ef9242ab72a3fe9b4757400870c8
e9cef62c70a4697d1f2c58207b61ab650f936ed856becf518e7097a1d6eca872
ed871cdd5c0d8def9f024a161b7b8e8cef778a47955c05a27fbdcf023b9fa4b1
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f300ff90ee98b1ad8acf6ebd7409dd8177fead0789d8f93854ad78f1ebb14c7b
f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

labs.guard.io Open in urlscan Pro 162.159.153.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

78 Requests

100 %HTTPS

0 %IPv6

7 Domains

11 Subdomains

7 IPs

2 Countries

1469 kBTransfer

3627 kBSize

10 Cookies

84 Outgoing links

Page URL History

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

labs.guard.io Open in urlscan Pro
162.159.153.4 Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

11
Subdomains

7
IPs

2
Countries

1469 kB
Transfer

3627 kB
Size

10
Cookies

78 HTTP transactions
0 data transactions