morphuslabs.com Open in urlscan Pro
52.1.119.170 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Effective URL:
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f...
Submission: On October 14 via api (October 14th 2019, 8:48:28 pm UTC) from US

Summary HTTP 89 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 9 domains to perform 89 HTTP transactions. The main IP is 52.1.119.170, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is morphuslabs.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 16th 2019. Valid for: a year.

This is the only time morphuslabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	52.1.119.170 52.1.119.170	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	2606:4700::68... 2606:4700::6810:797f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
8	2606:4700::68... 2606:4700::6810:7891	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
58	2606:4700::68... 2606:4700::6810:7791	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:6c0... 2a02:26f0:6c00:183::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.224.197.225 13.224.197.225	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.225.78.41 13.225.78.41	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.70.55.238 52.70.55.238	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2600:9000:20e... 2600:9000:20eb:4a00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2600:9000:215... 2600:9000:2156:6400:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	34.192.124.59 34.192.124.59	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	3.215.56.5 3.215.56.5	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
89	13

7 52.1.119.170 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-1-119-170.compute-1.amazonaws.com

morphuslabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:797f (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:7891 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 2606:4700::6810:7791 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:183::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.197.225 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-197-225.fra2.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.41 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-41.fra2.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.70.55.238 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-70-55-238.compute-1.amazonaws.com

srv-2019-10-14-20.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:4a00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:6400:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.192.124.59 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-192-124-59.compute-1.amazonaws.com

collector-medium.lightstep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.215.56.5 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-215-56-5.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	2 MB
7	morphuslabs.com 1 redirects morphuslabs.com	38 KB
5	lightstep.com collector-medium.lightstep.com	2 KB
4	branch.io cdn.branch.io api2.branch.io	23 KB
2	parsely.com srv-2019-10-14-20.pixel.parsely.com	765 B
2	optimizely.com cdn.optimizely.com errors.client.optimizely.com	87 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	app.link app.link	724 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	17 KB
89	9

	Domain	Requested by
48	miro.medium.com	morphuslabs.com
10	cdn-client.medium.com	morphuslabs.com cdn-client.medium.com
8	glyph.medium.com	morphuslabs.com
7	morphuslabs.com	1 redirects cdn-client.medium.com
5	collector-medium.lightstep.com	cdn-client.medium.com
3	api2.branch.io	cdn-client.medium.com
2	srv-2019-10-14-20.pixel.parsely.com	d1z2jf7jlzjs58.cloudfront.net
2	www.google-analytics.com	morphuslabs.com
1	errors.client.optimizely.com	cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	morphuslabs.com
1	d1z2jf7jlzjs58.cloudfront.net	cdn-client.medium.com
1	cdn.optimizely.com	cdn-client.medium.com
1	medium.com	1 redirects
89	14

This site contains links to these domains. Also see Links.

Domain
medium.com
www.morphus.com.br
decoded.avast.io
ericzimmerman.github.io
attack.mitre.org
detect-respond.blogspot.com
help.medium.com

Subject Issuer	Validity	Valid
morphuslabs.com Sectigo RSA Domain Validation Secure Server CA	`2019-05-16` - `2020-05-15`	a year	crt.sh
*.medium.com DigiCert SHA2 Secure Server CA	`2018-07-31` - `2020-09-09`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
cdn.optimizely.com DigiCert ECC Secure Server CA	`2018-11-24` - `2020-02-23`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
*.branch.io DigiCert SHA2 Secure Server CA	`2018-12-05` - `2020-12-08`	2 years	crt.sh
*.pixel.parsely.com Let's Encrypt Authority X3	`2019-10-01` - `2019-12-30`	3 months	crt.sh
appipv4.link Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
*.lightstep.com Let's Encrypt Authority X3	`2019-09-24` - `2019-12-23`	3 months	crt.sh
errors.client.optimizely.com DigiCert SHA2 High Assurance Server CA	`2018-09-24` - `2020-09-28`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
Frame ID: A611D462834DC2593D146B29974F3B53
Requests: 93 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998... HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malwar... HTTP 302
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

89
Requests

100 %
HTTPS

54 %
IPv6

9
Domains

14
Subdomains

13
IPs

3
Countries

2071 kB
Transfer

3757 kB
Size

10
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----998159e8a8a9----------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_page-----998159e8a8a9---------------------nav_reg-
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_page-----998159e8a8a9---------------------nav_reg-
Title: Get started

Search URL Search Domain Scan URL

URL: http://www.morphus.com.br/?source=post_page-----998159e8a8a9----------------------
Title: Sobre a Morphus

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=-a3844a6384ee-------------------------follow_byline-
Title: Follow

Search URL Search Domain Scan URL

URL: https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/
Title: 1

Search URL Search Domain Scan URL

URL: https://ericzimmerman.github.io/#!index.md
Title: 2

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1073/
Title: 3

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1093/
Title: 4

Search URL Search Domain Scan URL

URL: http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Title: 5

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_sidebar--------------------------follow_sidebar-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_sidebar-----998159e8a8a9---------------------clap_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_actions_footer-----998159e8a8a9---------------------clap_footer-

Search URL Search Domain Scan URL

URL: https://medium.com/p/998159e8a8a9/share/twitter?source=follow_footer--------------------------follow_footer-

Search URL Search Domain Scan URL

URL: https://medium.com/p/998159e8a8a9/share/facebook?source=follow_footer--------------------------follow_footer-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_actions_footer--------------------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=follow_footer-a3844a6384ee-------------------------follow_footer-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=follow_footer--------------------------follow_footer-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/p/998159e8a8a9/responses/show?source=follow_footer--------------------------follow_footer-
Title: Write the first response

Search URL Search Domain Scan URL

URL: https://medium.com/@tstillz17/basic-static-analysis-part-1-9c24497790b6?source=post_recirc---------0------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_recirc-----9c24497790b6----0-----------------clap_preview-

Search URL Search Domain Scan URL

URL: https://medium.com/@tomnomnom/making-a-blind-sql-injection-a-little-less-blind-428dcb614ba8?source=post_recirc---------1------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_recirc-----428dcb614ba8----1-----------------clap_preview-

Search URL Search Domain Scan URL

URL: https://medium.com/@codingkarma/pe-section-header-injection-using-code-cave-1451912d814c?source=post_recirc---------2------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&source=post_recirc-----1451912d814c----2-----------------clap_preview-

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----998159e8a8a9----------------------
Title: Discover Medium

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----998159e8a8a9----------------------
Title: Make Medium yours

Search URL Search Domain Scan URL

URL: https://medium.com/membership?source=post_page-----998159e8a8a9----------------------
Title: Become a member

Search URL Search Domain Scan URL

URL: https://help.medium.com/?source=post_page-----998159e8a8a9----------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.com/policy/9db0094a1e0f?source=post_page-----998159e8a8a9----------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://medium.com/policy/f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9 HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9 HTTP 302
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

89 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9 Show response
morphuslabs.com/
Redirect Chain

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

185 KB
36 KB

585ms
585ms

Document
text/html

52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx /

Resource Hash

22d6a958af757535a5158d10d6607b8cae6bccea95a38a60387f36ea7753aadf

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

:method: GET
:authority: morphuslabs.com
:scheme: https
:path: /guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
server: nginx
date: Mon, 14 Oct 2019 20:48:11 GMT
content-type: text/html; charset=utf-8
set-cookie: optimizelyEndUserId=lo_UQOK5mSaPYsX; path=/; expires=Tue, 13 Oct 2020 20:48:10 GMT; secure uid=lo_UQOK5mSaPYsX; path=/; expires=Tue, 13 Oct 2020 20:48:10 GMT; secure; httponly sid=1:DTh5dUmhimBlrNn9VMNVTWVBM/CVD1gb+SS9mSPqfzYnW3qZVRK3dV8q0u6FD88A; path=/; expires=Tue, 13 Oct 2020 20:48:10 GMT; secure; httponly
sepia-upstream: production
x-frame-options: allow-from medium.com
medium-fulfilled-by: lite/master-20191011-235107-887b7f41b7, rito/master-20191012-210501-bc06fb7b5c, tutu/38892-983fbbd
etag: W/"2e4af-GbvZun++QccQSGGxtelu+u1rMLA"
vary: Accept-Encoding
content-encoding: gzip
x-envoy-upstream-service-time: 433

Redirect headers

status: 302
date: Mon, 14 Oct 2019 20:48:10 GMT
content-type: application/octet-stream
set-cookie: __cfduid=d21affbc53e3069b2791e4fa15e0445361571086090; expires=Tue, 13-Oct-20 20:48:10 GMT; path=/; domain=.medium.com; HttpOnly uid=lo_UQOK5mSaPYsX; Expires=Tue, 13-Oct-20 20:48:10 GMT; Domain=.medium.com; Path=/; Secure; HttpOnly optimizelyEndUserId=lo_UQOK5mSaPYsX; path=/; expires=Tue, 13 Oct 2020 20:48:10 GMT; domain=.medium.com; secure sid=1:cIkM9dJy9a5/4lHLzFpqY45y4jH2JrGSHmeAqx7VOKUDjBbYIIdhtDrGuhbYkScV; path=/; expires=Tue, 13 Oct 2020 20:48:10 GMT; domain=.medium.com; secure; httponly __cfruid=c84b2bd95aa5326c5e07ecddc691a4e136b7d5bc-1571086090; path=/; domain=.medium.com; HttpOnly
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1571086090383:47a0666520d0
x-obvious-info: 38891-683af53,683af53ee2d
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
location: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
alt-svc: h3-23=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 525c69a07b1dcbac-VIE

GET
H2 200 m2.css
glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/ 44 KB
29 KB 87ms
38ms Stylesheet
text/css 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

087a4c7aa118304c5ce85d5917d95a49b3c93204ef3500752dfde52595e4eac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1734
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 525c69a5de74cb98-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 15 Oct 2019 00:48:11 GMT

GET
H2 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/96/96/ 15 KB
15 KB 194ms
153ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

55b18f385c40f0447b76d62f8026eeb2c78325d5c2041ac051d2b978d25bc92e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 15452
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a5ca4f8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 0*AfVsdz2TZBKfkmtC.png
miro.medium.com/max/60/ 2 KB
3 KB 134ms
133ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*AfVsdz2TZBKfkmtC.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

e469b68ffc292560e6cb3ecc248c3433fc767cd1da76071575f66b43311529e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 2555
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a5fa718c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 0*J2y62UJX9dZGcgmR.png
miro.medium.com/max/60/ 3 KB
3 KB 148ms
144ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*J2y62UJX9dZGcgmR.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

22b22085d461bc9010931dbf9a3d86a769dd8c6bd17bbe62f666c69d7aebc5b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 3287
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a8f8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*H7_S0j-ikigmgb_ZWxb1og.png
miro.medium.com/max/60/ 734 B
802 B 155ms
151ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*H7_S0j-ikigmgb_ZWxb1og.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

83b3a7d19901dce2225b8169547dd978156fd24081c6ec04b85ddd1989d02bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 734
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a908c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*V7ZqTqzHH1QEX16qi2HW3Q.png
miro.medium.com/max/60/ 925 B
1016 B 167ms
163ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*V7ZqTqzHH1QEX16qi2HW3Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

083dbe4c8a656c48931cea871be647dba79584764dfccdacca8088a10c73df4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 925
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a918c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*Mj2PfPWE0MrsRkvW20lDLA.png
miro.medium.com/max/60/ 2 KB
2 KB 147ms
144ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*Mj2PfPWE0MrsRkvW20lDLA.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

e3c257a59cc13d2b7b274694e7e73307f693ad68f16c8842d057ad5bc3274be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1692
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a928c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*TEKAzBpp8u66-C9-eomwXQ.png
miro.medium.com/max/60/ 3 KB
3 KB 144ms
141ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*TEKAzBpp8u66-C9-eomwXQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

7223a4301655bc2f5cd603761b8e9b5fe465c767303e4c5ae9da072a60f73421

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 2579
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a938c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 0*6zd0na7Tly4J4mbD.png
miro.medium.com/max/60/ 2 KB
2 KB 148ms
145ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*6zd0na7Tly4J4mbD.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

07097afa2112f890582862780e51240b956a99f50f88379f4c6052ee0e53c812

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1855
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a948c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*edJKTu-kkya5YEevQc7e9Q.png
miro.medium.com/max/60/ 3 KB
3 KB 141ms
138ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*edJKTu-kkya5YEevQc7e9Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

015c2c44e8e395216375e746d3125b1feac4cc9d6beddeb4fb909767dca584bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 2842
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a958c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*EGztmI_ZvGz_XU6OCeHPOQ.png
miro.medium.com/max/60/ 4 KB
4 KB 150ms
147ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*EGztmI_ZvGz_XU6OCeHPOQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

dc67f265011a1c47298ea7d976f4e1bcbbdb10aecf52d1f58ced18bbbc910a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 3627
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a968c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*mjJuq3hyhiwYVi1UawPEMw.png
miro.medium.com/max/60/ 2 KB
2 KB 162ms
159ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*mjJuq3hyhiwYVi1UawPEMw.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

fe41c04896df909954b6d10420ba301a384b9997a99aacb41bab3866f33078a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 2145
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a978c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*hYw3SBPvwnb_aGZ6gr13uQ.png
miro.medium.com/max/60/ 1 KB
1 KB 161ms
159ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hYw3SBPvwnb_aGZ6gr13uQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

befc42916da44b486990e11816ecae723983b947620cb4a205276c7d4b9dfa59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1116
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a62a998c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*PbxUU3U7oWxV135fd_ptsg.png
miro.medium.com/max/60/ 3 KB
3 KB 159ms
157ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*PbxUU3U7oWxV135fd_ptsg.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

8c770f5838712c53206a0f6a475abb14883d82a1e118476171c7a3facf96f080

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 3359
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aa88c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*AYyRs6s7mbA-rBdPL9Tn2Q.png
miro.medium.com/max/60/ 835 B
903 B 157ms
155ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*AYyRs6s7mbA-rBdPL9Tn2Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

29d2b25d22c273ab1dad31cad38757374cad5768e57a594f2538e67dd030c3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 835
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aa98c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*738NV2OoISUCoQZu5z9YRw.png
miro.medium.com/max/60/ 1 KB
1 KB 148ms
146ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*738NV2OoISUCoQZu5z9YRw.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

2487264e6d31a3796f975cfbf0289e5ef0256d3cea8d9e5a4483eeac09f688bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1183
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aaa8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*hDRjw-p3DepQ649qEMLzMg.png
miro.medium.com/max/60/ 2 KB
2 KB 159ms
157ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hDRjw-p3DepQ649qEMLzMg.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

0297ecee7cd3d457a617fb2bbf695901f2dcb7ec0a75834d8f9d04d9f0c98ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 2393
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aab8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*B9-GjDBn7CTodZa6F_aneA.png
miro.medium.com/max/60/ 2 KB
2 KB 159ms
157ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*B9-GjDBn7CTodZa6F_aneA.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

72ba43a3896f549ba6bf0f6360a9e4b3fec053d459f25b3e356096f43d1b75c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3204-f09a946
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1678
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aac8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 0*3Ax5sp6x8dB2torU.png
miro.medium.com/max/60/ 1 KB
1 KB 192ms
190ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*3Ax5sp6x8dB2torU.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

18c58e9ffeeeb5252d8f3170aec98c387d3be45775bbde1616db548d0a698366

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3207-e0e5660
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1070
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aae8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/160/160/ 38 KB
38 KB 174ms
173ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c2a446856aff8e0934a0d009a4a13311e324756bd4e478d1727cd3e4e87464ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 38521
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63aaf8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 1*y82b5CliG--Ip2bLLUKKQA.png
miro.medium.com/fit/c/160/160/ 25 KB
25 KB 39ms
38ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*y82b5CliG--Ip2bLLUKKQA.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

cff896eba3c403eabd6e84b5ff4edeba11b246affd828f13e52bd13bda839d18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 264290
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 25380
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69a63ab08c6e-VIE
expires: Wed, 13 Nov 2019 20:48:11 GMT

GET
H2 200 manifest.e4f5d9b1.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
2 KB 92ms
78ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.e4f5d9b1.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d2d7b8bc8d12444cab1737fa37f35597f5f147971eee5ab13d653557575bd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245241
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: E931C9AF20CDA662
x-amz-id-2: oHxPa+V6yTNaDIY+aplq7vRhJs9I8sABCeFgqB5/FNXl3pjT3SQBS0xAUBQdB7hfqIHLe8/pB2A=
last-modified: Fri, 11 Oct 2019 23:56:58 GMT
server: cloudflare
etag: W/"b90d0794f3e09ff19372d94ab1eed520"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TzawfIjfDAo6vUvTiF6tce.6GRESjrOJ
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a63ab88c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 vendors~main.529abc22.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 802 KB
210 KB 50ms
36ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c573f735decf5f22fac836e1b31d2ab0f291821d8baff16a0979c6182e733d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 279329
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: A28AED3E89FB2FD3
x-amz-id-2: HcHB+lauRA808L0ujv+1aY0/r6P9g344qO2XJDDc+GV6FvTs1lENlZZEOELDYRoKYkMzToDzNng=
last-modified: Fri, 11 Oct 2019 15:07:14 GMT
server: cloudflare
etag: W/"891873f3450c55cd68105a962ca23890"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qmKR4Rb4d8SWT9HjaSGl6ZfDBh0EuDm3
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a63ab68c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 main.530f02d6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 377 KB
87 KB 55ms
41ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a88df8d30153788e60d3064d1986e4fdbed590cf12603b7e3b9d49cf878da92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13667
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: 2D1B2916EE18638E
x-amz-id-2: aNjFhkGfZgmqhrfPslelP6r2cfyw19utP8arj+FACR99MZeDDeDOXDuAE+eWSsveaPL0RSnhWXY=
last-modified: Fri, 11 Oct 2019 23:32:59 GMT
server: cloudflare
etag: W/"38d48e4a3b2b7b87ae905f6469d5a3c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Rv9y5iRroE.ba..SPlPYdXYCHtkiX1l.
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a63ab28c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 vendors~screen.landingpages.pres45~screen.post~screen.post.amp~screen.post.series~screen.profile~scr~a7af54c6.0a082142.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 34 KB
15 KB 87ms
74ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/vendors~screen.landingpages.pres45~screen.post~screen.post.amp~screen.post.series~screen.profile~scr~a7af54c6.0a082142.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3222559e23fb1d20f96bd1defbf1c803a87aaa30a6af317db431a9a2ddb0716c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 606815
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: CF8ABBBB3B89EEC8
x-amz-id-2: C+i5ONXGo20P6M3BskQvqvvPYAOud6/vqjjbAFp/7e+BtDVlnDNyXCpi+eIX3i7LYl5SCFgm9Vs=
last-modified: Mon, 07 Oct 2019 20:08:40 GMT
server: cloudflare
etag: W/"05efcf90c1212adb5b6d23b1c288132f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0_rBI0MLTV_Y35sKeWtmsTb2rAi6Qhfr
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a63ab58c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 screen.post~screen.post.amp~screen.post.series~screen.profile~screen.sequence.library~screen.sequenc~036c6b37.2b0fb77a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 49 KB
15 KB 66ms
53ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.post~screen.post.amp~screen.post.series~screen.profile~screen.sequence.library~screen.sequenc~036c6b37.2b0fb77a.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

857ee40eaf5d420ffcf131deb2fe0dc81ff76a8951ac598f1a10504a710fbc87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 279329
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: F7FD0862DA0C8255
x-amz-id-2: ujO5Btolfaoi5dw2JvvVTIrajxdZIFnlczn5REeN9sWJMjQSBW9rtDEPtgC07xkp3f6zOKeHXrk=
last-modified: Fri, 11 Oct 2019 15:07:11 GMT
server: cloudflare
etag: W/"5cecce904ca0d7ceb14483afb53c93d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: uRwnwnUd426mtGs9y4K1DZphkaVUSe58
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a63ab98c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 screen.landingpages.pres45~screen.post~screen.post.amp~screen.post.series~screen.profile~screen.sequ~84968f7b.58eed93e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 123 KB
32 KB 93ms
80ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.landingpages.pres45~screen.post~screen.post.amp~screen.post.series~screen.profile~screen.sequ~84968f7b.58eed93e.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2b81052f6d701c3c3d88117405c711ca5df41c8c6914b7b24f92fe3adefb870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 279329
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: 3CE3F73F3F1C8AEC
x-amz-id-2: 2j3R2yqAYj4OoClPA96LLmcPd8n7eAJcMRmpIFXUgtAbawazji3FPj7svPWc0vQFyUgQR3LPcLE=
last-modified: Fri, 11 Oct 2019 15:07:09 GMT
server: cloudflare
etag: W/"75e4f6384097164e8eb700adaca2a176"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: nAsnBIuHTybtzils6Js.XhDfivlDPiGS
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a63ab48c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 screen.post~screen.post.amp~screen.sequence.post.604b8bcc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 133 KB
33 KB 27ms
26ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.post~screen.post.amp~screen.sequence.post.604b8bcc.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

709f6fb6e00d7edeb76032095412e673b8e9dac0241b9ecbff8d57125e269452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245241
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: 06AB605FAB34AE90
x-amz-id-2: /ne+BnOKht/U66uGNK4Wi6b4F3Yw6gi5tN0caq6jPdiRMWkkSDx0EaIGO/zQGg1YxfWWCJLj2rw=
last-modified: Fri, 11 Oct 2019 23:57:03 GMT
server: cloudflare
etag: W/"9d8b5c51f8a8c89461342b08c029a475"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: bGLyqqYBl1rLvhJu9yXW2br.wqIQOC1_
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a68adc8c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 screen.post.93faa1a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 81 KB
21 KB 27ms
27ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.post.93faa1a3.chunk.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

714051a151868ba5568f4de7a233da84706d0c93c3350182405802ab1b8501e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245241
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: 934BFEE94E1A2BA0
x-amz-id-2: a3VHr2RQUiGsD32Dy2fnB9BxQLBSE3qXQxI6ZrPTpqIQ71Gxy/E6phHKFNY4CJ+7pVgRiIDaUz0=
last-modified: Fri, 11 Oct 2019 23:57:00 GMT
server: cloudflare
etag: W/"ed3282665d6503800ed0fe3c679ef2bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: i9_lY0SN40cXAyJych84lpj3i8kr1kHs
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a68add8c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3241
date: Mon, 14 Oct 2019 19:54:10 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 14 Oct 2019 21:54:10 GMT

GET
DATA 200
OK truncated
/ 156 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c0cc04185396c9a83cfda3644c23327d7d8ff9247157c438575b83713894173

Request headers

Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 9 KB
9 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://morphuslabs.com

Response headers

Content-Type: font/opentype

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://morphuslabs.com

Response headers

Content-Type: font/opentype

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 14 KB
14 KB 71ms
41ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 537711
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f97596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://morphuslabs.com

Response headers

Content-Type: font/opentype

GET
H2 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
10 KB 79ms
50ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 32203
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f9a596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 278ms
249ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f99596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 marat-sans-400-normal.woff
glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 14 KB
15 KB 57ms
38ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/marat-sans-400-normal.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 32204
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f9e596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 19 KB
19 KB 314ms
303ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-700-normal.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97662b05befa582ec9dab3d08f63b49f21eb22ea1e3fcd69295f73a950e0e3e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f9d596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 21 KB
21 KB 281ms
276ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-italic.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

59153ae1634105ecee1e6fb6acca980991d194fc49b651e2576aac4e5817223b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f9b596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 charter-400-normal.woff
glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 19 KB
19 KB 43ms
38ms Font
application/font-woff 2606:4700::6810:7891
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-normal.woff

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc72a2ca45067a3d17fed4cd8776fec5dca3b9ecd7300e107f9256a86a0c8b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://morphuslabs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 32204
status: 200
access-control-max-age: 86400
alt-svc: h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 525c69a66f98596a-VIE
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 17ms
17ms Image
image/gif 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=385826127&t=pageview&_s=1&dl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9%3Fgi%3Dae9ee7f1f2eb&ul=en-us&de=UTF-8&dt=Guildma%20malware%20is%20now%20accessing%20Facebook%20and%20YouTube%20to%20keep%20up-to-date&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=129603490&gjid=852958535&cid=2090601449.1571086091&tid=UA-24232453-2&_gid=1307555087.1571086091&_r=1&z=1298450321

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Oct 2019 20:48:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 client-ready Show response
morphuslabs.com/_/lite/performance/ 2 B
244 B 99ms
99ms Fetch
text/plain 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://morphuslabs.com/_/lite/performance/client-ready

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
sepia-upstream: production
server: nginx
x-frame-options: allow-from medium.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
medium-fulfilled-by: lite/master-20191011-235107-887b7f41b7
x-envoy-upstream-service-time: 6
content-length: 2

GET
H2 200 vendors~tracing.4977e498.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 28ms
28ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/vendors~tracing.4977e498.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.e4f5d9b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

318956b9e83c2237301fa8321e7bf33eb666ed2078bd1ebf72339fb49c174a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432077
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: 87AF19647F6B8E71
x-amz-id-2: quBJM4T4pNhF6vMNSJmK9/lVgeevwYJ++92VnCQkscmEdHiuK/F1WLvbu0HqC4xaJoaE5UjFz2c=
last-modified: Wed, 25 Sep 2019 20:34:54 GMT
server: cloudflare
etag: W/"1544bf95ed0af15329bf8c12caf3d049"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: PNlGul.T2sNGntxk5wXn0PiITsrd2Kze
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a86c0a8c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 tracing.78dd8a0d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 2 KB
1 KB 23ms
23ms Script
application/javascript 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/tracing.78dd8a0d.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.e4f5d9b1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7386acc07935c7aa30fd306fefcd4eb38e8153c111a407c1f6e0dd5176857961

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 432077
status: 200
alt-svc: h3-23=":443"; ma=86400
x-amz-request-id: 02F01A22CC0E6AC2
x-amz-id-2: QI3ZSnlxMOZJSrkZ63VrgQlVqmHKNdYXVH2M4Wms1EvYya218svUWmO1+24XMjTIjt3LcXLdJds=
last-modified: Wed, 25 Sep 2019 20:34:53 GMT
server: cloudflare
etag: W/"4c647bddfc8ef43242719f4373109f44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: bWq1BksTubivpO.ul5toojbwZ8F4hfU7
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 525c69a86c0b8c6e-VIE
expires: Tue, 13 Oct 2020 20:48:11 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 282 KB
87 KB 31ms
13ms Script
text/javascript 2a02:26f0:6c00:183::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:183::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

97ddf4bbebcc04f8a56d4f62f841b1be2c6b5e3964a8be4624092244bd4f9c74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: kT3ZVmwxhWXMmu7UeRfUxsiGo5XE35Dq
content-encoding: gzip
etag: "2b840df2a806378c60a12f868eaf225b"
x-amz-request-id: A35E80F436EE82C4
status: 200
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:183::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 87889
x-amz-id-2: M+bhyp+eYmQ8xROKPkGlwtDnXo61eaHRnuIvN5xLeD16GANwy2tjWqIuC3u1mbS8yHZiVKbmyHk=
last-modified: Fri, 11 Oct 2019 17:07:10 GMT
server: AmazonS3
date: Mon, 14 Oct 2019 20:48:11 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
x-amz-meta-revision: 387
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

POST
H2 200 graphql Show response
morphuslabs.com/_/ 94 B
392 B 1005ms
1005ms Fetch
application/json 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e8f4608d5f344ecec49c7d24c21d84967251827e24567599214a8f07fcd21921

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Medium-Frontend-App: lite/master-20191011-235107-887b7f41b7
apollographql-client-version: master-20191011-235107-887b7f41b7
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
sepia-upstream: production
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: *
medium-fulfilled-by: rito/master-20191012-210501-bc06fb7b5c, tutu/38892-983fbbd
x-envoy-upstream-service-time: 910
content-length: 94
x-request-received-at: 1571086091902

POST
H2 200 graphql Show response
morphuslabs.com/_/ 3 KB
1 KB 639ms
639ms Fetch
application/json 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://morphuslabs.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 18c564992085b41d8d097193506a81b3e972cbeb6b198a8d8ff733f36dda69a4

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Graphql-Operation: PostRecircQuery
content-type: application/json
accept: */*
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
Medium-Frontend-App: lite/master-20191011-235107-887b7f41b7
apollographql-client-version: master-20191011-235107-887b7f41b7
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
content-encoding: gzip
sepia-upstream: production
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: *
medium-fulfilled-by: rito/master-20191012-210501-bc06fb7b5c, tutu/38892-983fbbd
x-envoy-upstream-service-time: 544
x-request-received-at: 1571086091914

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 41 KB
17 KB 29ms
6ms Script
application/x-javascript 13.224.197.225
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.197.225 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-197-225.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 58711bafae315df048e1bc0c36ae1dfd017810b34fd9b4b021f774694397baad

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 18:18:55 GMT
Content-Encoding: gzip
Age: 8956
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Pragma: public
Last-Modified: Mon, 07 Oct 2019 18:17:48 GMT
Server: nginx
ETag: "5d9b814c-a469"
Content-Type: application/x-javascript
Via: 1.1 cb33a7a4640adbb55df3e0d143601559.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: FRA2-C1
X-Amz-Cf-Id: eOercmqp1RKZNFYMiX1d-INBA0V1LseakiDGV-A4z1gYLU4OWgxGLA==
Expires: Tue, 15 Oct 2019 18:18:55 GMT

GET
H2 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/48/48/ 4 KB
5 KB 141ms
139ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/48/48/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

e602189b36334aa9a892369f15e03e836fdbb189b49d142fdfb90e26e34533c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3206-10ea718
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 4597
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee088c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 0*AfVsdz2TZBKfkmtC.png
miro.medium.com/max/30/ 1 KB
1 KB 134ms
131ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/0*AfVsdz2TZBKfkmtC.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

b8ebf598b34dcc1560e2d1422cf59d790c70e90939b531ebed9715b7c8d79465

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1040
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee0f8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 0*J2y62UJX9dZGcgmR.png
miro.medium.com/max/30/ 1 KB
1 KB 132ms
129ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/0*J2y62UJX9dZGcgmR.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

05d4106d3a548969b84d3b1299ccf9cf1238d63544ed861e7ede764a13c94265

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1055
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee108c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*H7_S0j-ikigmgb_ZWxb1og.png
miro.medium.com/max/30/ 299 B
367 B 133ms
130ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*H7_S0j-ikigmgb_ZWxb1og.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

368f87facc41a6e35ec6c451fdbcc05cf5054c5237ce4869e4046ecc1078e462

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 299
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee128c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*V7ZqTqzHH1QEX16qi2HW3Q.png
miro.medium.com/max/30/ 398 B
466 B 134ms
132ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*V7ZqTqzHH1QEX16qi2HW3Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

3da102a375c452aae5814cd6e69e7d6f2f1cfa4e686e07c5f4b79dff97e573c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 398
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee138c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*Mj2PfPWE0MrsRkvW20lDLA.png
miro.medium.com/max/30/ 640 B
710 B 167ms
165ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*Mj2PfPWE0MrsRkvW20lDLA.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

109b89370027b4083d05e91e5d3903506c7ae68729f4a95b1366dbffcffc2088

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 640
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee148c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*TEKAzBpp8u66-C9-eomwXQ.png
miro.medium.com/max/30/ 842 B
910 B 141ms
139ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*TEKAzBpp8u66-C9-eomwXQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

158a667005ba318c47703b0d7558382e17f5fa60408c563a9a9af6d38789acae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 842
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee158c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 0*6zd0na7Tly4J4mbD.png
miro.medium.com/max/30/ 577 B
818 B 254ms
251ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/0*6zd0na7Tly4J4mbD.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

0c12b91d9383c6882708d957b493578e3114e885fc5679d4ba71462363533715

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 577
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee168c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*edJKTu-kkya5YEevQc7e9Q.png
miro.medium.com/max/30/ 937 B
1021 B 130ms
128ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*edJKTu-kkya5YEevQc7e9Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c865a953d3384f183af94c7c521b156f54be6ae46f14203ce8fe37de64cfac39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 937
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee178c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*EGztmI_ZvGz_XU6OCeHPOQ.png
miro.medium.com/max/30/ 1 KB
1 KB 143ms
140ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*EGztmI_ZvGz_XU6OCeHPOQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

2578d8c0561a1709059ab7922e45f2880a412e97f690670f4052185037fafd31

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1212
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee188c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*mjJuq3hyhiwYVi1UawPEMw.png
miro.medium.com/max/30/ 714 B
782 B 131ms
129ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*mjJuq3hyhiwYVi1UawPEMw.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

cfe62e78a56a405ece2b8496f17a6e17db8a3631b55b5e28a495ce9ddad51406

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 714
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee198c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*hYw3SBPvwnb_aGZ6gr13uQ.png
miro.medium.com/max/30/ 414 B
482 B 152ms
150ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*hYw3SBPvwnb_aGZ6gr13uQ.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

d2486c371d158be46710a2f3defdfe5a06ab8a42ef208237e7185dbb6532a46b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 414
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee1a8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*PbxUU3U7oWxV135fd_ptsg.png
miro.medium.com/max/30/ 1 KB
1 KB 134ms
133ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*PbxUU3U7oWxV135fd_ptsg.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ce285f849f7f15212f51a7f7582f3343ed3a544461de4a07aafd799c4b55bb4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1113
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee1b8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*AYyRs6s7mbA-rBdPL9Tn2Q.png
miro.medium.com/max/30/ 307 B
375 B 137ms
136ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*AYyRs6s7mbA-rBdPL9Tn2Q.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

55e25c1a8144d951fde40b444639c7e96f88fdf203d738cea20f0bba743adac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 307
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aaee1c8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*738NV2OoISUCoQZu5z9YRw.png
miro.medium.com/max/30/ 379 B
466 B 179ms
177ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*738NV2OoISUCoQZu5z9YRw.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c4838f2607c3642772a2984105af14ed9d15747bd16babee79fb700b414d5abf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 379
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e228c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*hDRjw-p3DepQ649qEMLzMg.png
miro.medium.com/max/30/ 692 B
760 B 150ms
148ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*hDRjw-p3DepQ649qEMLzMg.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

f6bd0129df934aafd0aa8ace8c1e999559dffc863423706f9fe05157491e362c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 692
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e238c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*B9-GjDBn7CTodZa6F_aneA.png
miro.medium.com/max/30/ 531 B
599 B 150ms
149ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/1*B9-GjDBn7CTodZa6F_aneA.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

9d593c4098a9c43fc51924a1d1b67f80c08477b26da6958b24448b384f6b49c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 531
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e248c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 0*3Ax5sp6x8dB2torU.png
miro.medium.com/max/30/ 412 B
479 B 254ms
253ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/30/0*3Ax5sp6x8dB2torU.png?q=20

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c2d3b23bd9285a5ad5695c694316424002c2fb53413fcbab10fbd8abaed00b53

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 412
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e258c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*JH0JTmpsTGDOH129UenyGg.png
miro.medium.com/fit/c/80/80/ 11 KB
11 KB 152ms
151ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*JH0JTmpsTGDOH129UenyGg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

e6334ed1b6ae353a78f3473f3851900b98439a17456c162b089924c4d6ceb65a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3202-b3dbcc5
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 11277
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e268c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*y82b5CliG--Ip2bLLUKKQA.png
miro.medium.com/fit/c/80/80/ 8 KB
8 KB 41ms
40ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*y82b5CliG--Ip2bLLUKKQA.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

f3f8703a7b9376bdee2b8d2c841bebfa48e1630b18f3d3f2c5a05ab56201d322

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 97150
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 8270
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e278c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H/1.1 200
OK branch-latest.min.js Show response
cdn.branch.io/ 72 KB
22 KB 24ms
8ms Script
text/javascript 13.225.78.41
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9?gi=ae9ee7f1f2eb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.78.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-78-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a7f6085f7574b224a950a25344ed986dbf084b17edcbd242c49b83ec919a35f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: uPhjiqDbOoA_pLf62CesKJEVgSwpyWgu
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 26 Sep 2019 18:39:04 GMT
Server: AmazonS3
Age: 202
ETag: "161e0ab9281d23aa5a07943fab4f1b5f"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
Cache-Control: max-age=300
Date: Mon, 14 Oct 2019 20:44:50 GMT
X-Amz-Cf-Pop: FRA2-C2
Content-Length: 21834
X-Amz-Cf-Id: il_C92s7E1dLnp9JBTnA3uI3kdSXn06ABBZkk8zTszCzsJGTRI0d5A==

GET
H2 200 0*AfVsdz2TZBKfkmtC.png
miro.medium.com/max/1510/ 666 KB
667 KB 529ms
529ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1510/0*AfVsdz2TZBKfkmtC.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

915fe14a746a4c9536fa4973d206f8a47275ab43f8fd81d8d9180df81b8c2361

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 682311
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e298c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 0*J2y62UJX9dZGcgmR.png
miro.medium.com/max/822/ 356 KB
357 KB 131ms
131ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/822/0*J2y62UJX9dZGcgmR.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

76ee6ad0111680e31571b1a0938970493c585218ed7e4b35febe9d193b407f75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 364916
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69ab0e2c8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H/1.1 200
OK / Show response
srv-2019-10-14-20.pixel.parsely.com/start/ 77 B
380 B 359ms
90ms Script
application/json 52.70.55.238
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://srv-2019-10-14-20.pixel.parsely.com/start/?rand=1571086092034&plid=62938878&idsite=medium.com&url=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22viewerStatus%22%3A%22visitor%22%7D&sid=1&surl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&sref=&sts=1571086092019&slts=0&title=Guildma+malware+is+now+accessing+Facebook+and+YouTube+to+keep+up-to-date&date=Mon+Oct+14+2019+22%3A48%3A12+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&js=1&pvid=15236535&callback=parselyStartCallback
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.70.55.238 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-70-55-238.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3ee5bcdbfdf62f26760117c4b55fbf3c240daf4aa73fa65e8d952130f0c173d1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 20:48:12 GMT
Server: nginx
Connection: keep-alive
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Length: 77
Content-Type: application/json

GET
H/1.1 200
OK _r Show response
app.link/ 90 B
724 B 192ms
176ms Script
text/javascript 2600:9000:20eb:4a00:19:9934:6a80:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.52.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:20eb:4a00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

openresty/1.13.6.2 / Express

Resource Hash

dfc34693d187366c50138316fc9759603664e0ac5f2597acc1212855c503f870

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 20:48:12 GMT
Via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Server: openresty/1.13.6.2
X-Amz-Cf-Pop: FRA2-C1
X-Powered-By: Express
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 90
ETag: W/"5a-xNumkIz/vZyeAWRQYBHuY8le+/Q"
X-Amz-Cf-Id: tI4s5YcCEDfazSo3aRAqS8xpmB0hGXBdpWcwv1E30qRzo4I929QRQw==

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
600 B 271ms
250ms XHR
application/json 2600:9000:2156:6400:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:6400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 /
Resource Hash: c795a81828952712ce1bce94700dab39453422bdc5a9b155d32c475a778ed8b3

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-amz-cf-pop: FRA50-C1
status: 200
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
content-length: 312
x-amz-cf-id: XVnws9n-hBsdtFzrFHl52m3KYDt63Jw9lpE4idU_uWk3FQmWTp5Xfg==

GET
H2 200 1*EasEMcUHMVdtx_5M37MpQQ.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 23ms
22ms Image
image/jpeg 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*EasEMcUHMVdtx_5M37MpQQ.jpeg

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

534489607939aa7da4f1dededa119e04545c40e18e7572c8dbf48b576b0cee83

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1331586
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3202-b3dbcc5
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1711
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aeb8dd8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*nqMDheMI3anu0ydbDZU2qw.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
1 KB 23ms
23ms Image
image/jpeg 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*nqMDheMI3anu0ydbDZU2qw.jpeg

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

9e82ad92f93af8fca4c6ad1545879240fcd833e8d7a2f442d720eb5df243264b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 336358
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1318
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aeb8de8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*V_UDCzKJ7qfWW-PQrsnzuA.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 20ms
20ms Image
image/jpeg 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*V_UDCzKJ7qfWW-PQrsnzuA.jpeg

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

0ccefa68aed93d5ba864ede9135d7579e80315153ea381442c4ab16f90ef30c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 299275
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 1540
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aeb8df8c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 0*cCbzRFp-hui27nd_
miro.medium.com/max/328/ 68 KB
68 KB 565ms
565ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/328/0*cCbzRFp-hui27nd_

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

a3793a7319ff9bbca380b2a81acaef139e23c9de8d2b46461cde39cbec204f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:13 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 69700
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aeb8e28c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 UTC

GET
H2 200 1*3OzRSJGiJ1wOMS5VDPBWgw.jpeg
miro.medium.com/max/328/ 11 KB
11 KB 25ms
25ms Image
image/jpeg 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/328/1*3OzRSJGiJ1wOMS5VDPBWgw.jpeg

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

db2c8375fd3ffa669a319158fa2066ead7df5a1d4f1bbfd0cb2001cd9b381069

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 698941
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 11329
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aeb8e38c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

GET
H2 200 1*2C4W4uLlUX1nesN-ycPUWg.png
miro.medium.com/max/328/ 30 KB
30 KB 26ms
26ms Image
image/png 2606:4700::6810:7791
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/328/1*2C4W4uLlUX1nesN-ycPUWg.png

Requested by

Host: morphuslabs.com
URL: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7791 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

8222247e8dc50e8623e6431a6c6ace3c2174a0c1fe5b17703bb1e20842eaf98d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 299275
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-23=":443"; ma=86400
content-length: 30356
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 525c69aec8e48c6e-VIE
expires: Wed, 13 Nov 2019 20:48:12 GMT

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
363 B 322ms
322ms XHR
application/json 2600:9000:2156:6400:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:6400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status: 200
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: 2BS70e79v_sFTqME8xeRMlPH5XuMmTtXUbWGOUW1QZFYAtzNCzQDxQ==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
361 B 179ms
179ms XHR
application/json 2600:9000:2156:6400:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:6400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Oct 2019 20:48:12 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status: 200
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: 0FRGCL2u7ESqbrgLn67gZ7rVSe58oAtddkl61lBDVxurmZnG5MG0nA==

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 113 B
311 B 90ms
89ms XHR
application/json 34.192.124.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.124.59 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-124-59.compute-1.amazonaws.com
Software: /
Resource Hash: d77fad217a847499096f893cf0fefe9ac105ae53e800882b7d9dd59523785ca0

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:13 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 113

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
241 B 90ms
90ms XHR
text/plain 3.215.56.5
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.56.5 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-215-56-5.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://morphuslabs.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Mon, 14 Oct 2019 20:48:13 GMT
Content-Type: text/plain

POST
H2 200 render Show response
morphuslabs.com/_/lite/performance/ 2 B
244 B 97ms
96ms Fetch
text/plain 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://morphuslabs.com/_/lite/performance/render

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:13 GMT
sepia-upstream: production
server: nginx
x-frame-options: allow-from medium.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
medium-fulfilled-by: lite/master-20191011-235107-887b7f41b7
x-envoy-upstream-service-time: 1
content-length: 2

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 113 B
311 B 89ms
89ms XHR
application/json 34.192.124.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.124.59 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-124-59.compute-1.amazonaws.com
Software: /
Resource Hash: f6bef3372ace21550c13063eb80fcd52c34cd970ee56dccea05dbef3ab7a883c

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:13 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 113

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 113 B
311 B 90ms
89ms XHR
application/json 34.192.124.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.124.59 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-124-59.compute-1.amazonaws.com
Software: /
Resource Hash: 34f8f781cfec50cc0e1100580934311ef5a078d68722585a33639ca968ed2882

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:14 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 113

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 113 B
311 B 90ms
90ms XHR
application/json 34.192.124.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.124.59 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-124-59.compute-1.amazonaws.com
Software: /
Resource Hash: 3908bfe0ba06c15a4e87af9d52d8132944b14f9bfed4c60b98efc376d0cd3175

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:15 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 113

POST
H2 200 batch
morphuslabs.com/_/ 97 B
0 182ms
182ms Fetch
application/json 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://morphuslabs.com/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://morphuslabs.com https://.morphuslabs.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type: application/json

Response headers

content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://morphuslabs.com https://*.morphuslabs.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 38891-683af53,683af53ee2d
status: 200
content-length: 97
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
link: <https://medium.com/humans.txt>; rel="humans"
x-obvious-tid: 1571086096641:84fda43e908a
server: nginx
date: Mon, 14 Oct 2019 20:48:16 GMT
x-frame-options: sameorigin
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-opentracing: {"ot-tracer-spanid":"0df5c0ee061f38bc","ot-tracer-traceid":"639a84515f3fcaa1","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 113 B
311 B 90ms
89ms XHR
application/json 34.192.124.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.529abc22.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.124.59 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-124-59.compute-1.amazonaws.com
Software: /
Resource Hash: c3d4617d6dcb19234160e62ed64286b2393848d5d96a4be89a1752129a4aae4e

Request headers

Sec-Fetch-Mode: cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Mon, 14 Oct 2019 20:48:17 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 113

GET
H/1.1 200
OK /
srv-2019-10-14-20.pixel.parsely.com/event/ 43 B
385 B 91ms
90ms Image
image/gif 52.70.55.238
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2019-10-14-20.pixel.parsely.com/event/?rand=1571086102527&plid=62938878&idsite=medium.com&url=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fmorphuslabs.com%2Fguildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9&sref=&sts=1571086102525&slts=0&date=Mon+Oct+14+2019+22%3A48%3A22+GMT%2B0200+(Central+European+Summer+Time)&action=heartbeat&inc=5&tt=4900&pvid=15236535&u=pid%3D796f1e13884b6eb0f71a57ac1bd3e7b5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.70.55.238 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-70-55-238.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 20:48:22 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Length: 43
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
morphuslabs.com/	1970-01-19 04:34:50	Name: lightstep_session_id Value: 3adda7bc044916fc
morphuslabs.com/	1970-01-19 04:34:50	Name: lightstep_guid/lite-web Value: 5b6c21bc40c94986
.morphuslabs.com/	1970-01-19 04:24:47	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://morphuslabs.com/guildma-malware-is-now-accessing-facebook-and-youtube-to-keep-up-to-date-998159e8a8a9%22%2C%22sref%22:%22%22%2C%22sts%22:1571086092019%2C%22slts%22:0}
.morphuslabs.com/	1970-01-19 04:24:46	Name: _gat Value: 1
.morphuslabs.com/	1970-01-19 21:55:58	Name: _ga Value: GA1.2.2090601449.1571086091
morphuslabs.com/	1970-01-19 13:10:22	Name: sid Value: 1:DTh5dUmhimBlrNn9VMNVTWVBM/CVD1gb+SS9mSPqfzYnW3qZVRK3dV8q0u6FD88A
.morphuslabs.com/	1970-01-19 04:26:12	Name: _gid Value: GA1.2.1307555087.1571086091
.morphuslabs.com/	1970-01-19 13:54:10	Name: _parsely_visitor Value: {%22id%22:%22pid=796f1e13884b6eb0f71a57ac1bd3e7b5%22%2C%22session_count%22:1%2C%22last_session_ts%22:1571086092019}
morphuslabs.com/	1970-01-19 13:10:22	Name: uid Value: lo_UQOK5mSaPYsX
morphuslabs.com/	1970-01-19 13:10:22	Name: optimizelyEndUserId Value: lo_UQOK5mSaPYsX

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js(Line 1) Message: -+++++= .+++++= .+@@@@@+ #@@@@: .@@@@@= @@@@@ @+@@@@- =#@@@@@ @ +@@@@: :% @@@@@ @ @@@@-%: @@@@@ @ @@@@- @@@@@ -@- #@@+ :@@@@@: -#@@@#- ## =@@@@@@@= ....... .........
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.530f02d6.chunk.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	allow-from medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
collector-medium.lightstep.com
d1z2jf7jlzjs58.cloudfront.net
errors.client.optimizely.com
glyph.medium.com
medium.com
miro.medium.com
morphuslabs.com
srv-2019-10-14-20.pixel.parsely.com
www.google-analytics.com
13.224.197.225
13.225.78.41
2600:9000:20eb:4a00:19:9934:6a80:93a1
2600:9000:2156:6400:11:f728:3040:93a1
2606:4700::6810:7791
2606:4700::6810:7891
2606:4700::6810:797f
2a00:1450:4001:815::200e
2a02:26f0:6c00:183::13b8
3.215.56.5
34.192.124.59
52.1.119.170
52.70.55.238
015c2c44e8e395216375e746d3125b1feac4cc9d6beddeb4fb909767dca584bd
0297ecee7cd3d457a617fb2bbf695901f2dcb7ec0a75834d8f9d04d9f0c98ae0
05d4106d3a548969b84d3b1299ccf9cf1238d63544ed861e7ede764a13c94265
07097afa2112f890582862780e51240b956a99f50f88379f4c6052ee0e53c812
083dbe4c8a656c48931cea871be647dba79584764dfccdacca8088a10c73df4f
087a4c7aa118304c5ce85d5917d95a49b3c93204ef3500752dfde52595e4eac6
0a88df8d30153788e60d3064d1986e4fdbed590cf12603b7e3b9d49cf878da92
0c12b91d9383c6882708d957b493578e3114e885fc5679d4ba71462363533715
0ccefa68aed93d5ba864ede9135d7579e80315153ea381442c4ab16f90ef30c8
109b89370027b4083d05e91e5d3903506c7ae68729f4a95b1366dbffcffc2088
12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192
158a667005ba318c47703b0d7558382e17f5fa60408c563a9a9af6d38789acae
18c564992085b41d8d097193506a81b3e972cbeb6b198a8d8ff733f36dda69a4
18c58e9ffeeeb5252d8f3170aec98c387d3be45775bbde1616db548d0a698366
22b22085d461bc9010931dbf9a3d86a769dd8c6bd17bbe62f666c69d7aebc5b4
22d6a958af757535a5158d10d6607b8cae6bccea95a38a60387f36ea7753aadf
2487264e6d31a3796f975cfbf0289e5ef0256d3cea8d9e5a4483eeac09f688bc
2578d8c0561a1709059ab7922e45f2880a412e97f690670f4052185037fafd31
29d2b25d22c273ab1dad31cad38757374cad5768e57a594f2538e67dd030c3ff
318956b9e83c2237301fa8321e7bf33eb666ed2078bd1ebf72339fb49c174a68
3222559e23fb1d20f96bd1defbf1c803a87aaa30a6af317db431a9a2ddb0716c
34f8f781cfec50cc0e1100580934311ef5a078d68722585a33639ca968ed2882
368f87facc41a6e35ec6c451fdbcc05cf5054c5237ce4869e4046ecc1078e462
3908bfe0ba06c15a4e87af9d52d8132944b14f9bfed4c60b98efc376d0cd3175
3da102a375c452aae5814cd6e69e7d6f2f1cfa4e686e07c5f4b79dff97e573c8
3ee5bcdbfdf62f26760117c4b55fbf3c240daf4aa73fa65e8d952130f0c173d1
41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9
4c0cc04185396c9a83cfda3644c23327d7d8ff9247157c438575b83713894173
534489607939aa7da4f1dededa119e04545c40e18e7572c8dbf48b576b0cee83
55b18f385c40f0447b76d62f8026eeb2c78325d5c2041ac051d2b978d25bc92e
55e25c1a8144d951fde40b444639c7e96f88fdf203d738cea20f0bba743adac0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58711bafae315df048e1bc0c36ae1dfd017810b34fd9b4b021f774694397baad
59153ae1634105ecee1e6fb6acca980991d194fc49b651e2576aac4e5817223b
709f6fb6e00d7edeb76032095412e673b8e9dac0241b9ecbff8d57125e269452
714051a151868ba5568f4de7a233da84706d0c93c3350182405802ab1b8501e4
7223a4301655bc2f5cd603761b8e9b5fe465c767303e4c5ae9da072a60f73421
72ba43a3896f549ba6bf0f6360a9e4b3fec053d459f25b3e356096f43d1b75c8
7386acc07935c7aa30fd306fefcd4eb38e8153c111a407c1f6e0dd5176857961
76ee6ad0111680e31571b1a0938970493c585218ed7e4b35febe9d193b407f75
8222247e8dc50e8623e6431a6c6ace3c2174a0c1fe5b17703bb1e20842eaf98d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b3a7d19901dce2225b8169547dd978156fd24081c6ec04b85ddd1989d02bc7
857ee40eaf5d420ffcf131deb2fe0dc81ff76a8951ac598f1a10504a710fbc87
8c770f5838712c53206a0f6a475abb14883d82a1e118476171c7a3facf96f080
915fe14a746a4c9536fa4973d206f8a47275ab43f8fd81d8d9180df81b8c2361
97662b05befa582ec9dab3d08f63b49f21eb22ea1e3fcd69295f73a950e0e3e8
97ddf4bbebcc04f8a56d4f62f841b1be2c6b5e3964a8be4624092244bd4f9c74
99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8
9a7f6085f7574b224a950a25344ed986dbf084b17edcbd242c49b83ec919a35f
9d593c4098a9c43fc51924a1d1b67f80c08477b26da6958b24448b384f6b49c5
9e82ad92f93af8fca4c6ad1545879240fcd833e8d7a2f442d720eb5df243264b
a3793a7319ff9bbca380b2a81acaef139e23c9de8d2b46461cde39cbec204f22
a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8
a4d2d7b8bc8d12444cab1737fa37f35597f5f147971eee5ab13d653557575bd2
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
b8ebf598b34dcc1560e2d1422cf59d790c70e90939b531ebed9715b7c8d79465
bc72a2ca45067a3d17fed4cd8776fec5dca3b9ecd7300e107f9256a86a0c8b2f
befc42916da44b486990e11816ecae723983b947620cb4a205276c7d4b9dfa59
c2a446856aff8e0934a0d009a4a13311e324756bd4e478d1727cd3e4e87464ba
c2d3b23bd9285a5ad5695c694316424002c2fb53413fcbab10fbd8abaed00b53
c3d4617d6dcb19234160e62ed64286b2393848d5d96a4be89a1752129a4aae4e
c4838f2607c3642772a2984105af14ed9d15747bd16babee79fb700b414d5abf
c573f735decf5f22fac836e1b31d2ab0f291821d8baff16a0979c6182e733d72
c795a81828952712ce1bce94700dab39453422bdc5a9b155d32c475a778ed8b3
c865a953d3384f183af94c7c521b156f54be6ae46f14203ce8fe37de64cfac39
ce285f849f7f15212f51a7f7582f3343ed3a544461de4a07aafd799c4b55bb4e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfe62e78a56a405ece2b8496f17a6e17db8a3631b55b5e28a495ce9ddad51406
cff896eba3c403eabd6e84b5ff4edeba11b246affd828f13e52bd13bda839d18
d2486c371d158be46710a2f3defdfe5a06ab8a42ef208237e7185dbb6532a46b
d77fad217a847499096f893cf0fefe9ac105ae53e800882b7d9dd59523785ca0
db2c8375fd3ffa669a319158fa2066ead7df5a1d4f1bbfd0cb2001cd9b381069
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dc67f265011a1c47298ea7d976f4e1bcbbdb10aecf52d1f58ced18bbbc910a60
dfc34693d187366c50138316fc9759603664e0ac5f2597acc1212855c503f870
e2b81052f6d701c3c3d88117405c711ca5df41c8c6914b7b24f92fe3adefb870
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c257a59cc13d2b7b274694e7e73307f693ad68f16c8842d057ad5bc3274be6
e469b68ffc292560e6cb3ecc248c3433fc767cd1da76071575f66b43311529e8
e602189b36334aa9a892369f15e03e836fdbb189b49d142fdfb90e26e34533c6
e6334ed1b6ae353a78f3473f3851900b98439a17456c162b089924c4d6ceb65a
e8f4608d5f344ecec49c7d24c21d84967251827e24567599214a8f07fcd21921
ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3
f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367
f3f8703a7b9376bdee2b8d2c841bebfa48e1630b18f3d3f2c5a05ab56201d322
f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08
f6bd0129df934aafd0aa8ace8c1e999559dffc863423706f9fe05157491e362c
f6bef3372ace21550c13063eb80fcd52c34cd970ee56dccea05dbef3ab7a883c
fe41c04896df909954b6d10420ba301a384b9997a99aacb41bab3866f33078a8

morphuslabs.com Open in urlscan Pro 52.1.119.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

89 Requests

100 %HTTPS

54 %IPv6

9 Domains

14 Subdomains

13 IPs

3 Countries

2071 kBTransfer

3757 kBSize

10 Cookies

35 Outgoing links

Page URL History

Redirected requests

89 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

morphuslabs.com Open in urlscan Pro
52.1.119.170 Public Scan

Screenshot
Live screenshot

Full Image

89
Requests

100 %
HTTPS

54 %
IPv6

9
Domains

14
Subdomains

13
IPs

3
Countries

2071 kB
Transfer

3757 kB
Size

10
Cookies

89 HTTP transactions
4 data transactions