URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Submission: On January 09 via api from IT — Scanned from IT

Summary

This website contacted 14 IPs in 6 countries across 13 domains to perform 55 HTTP transactions. The main IP is 172.104.56.202, located in Singapore and belongs to AKAMAI-AP Akamai Technologies, Inc., SG. The main domain is labs.k7computing.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 17th 2022. Valid for: a year.
This is the only time labs.k7computing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
28 | k7computing.com | labs.k7computing.com | 2 MB
6 | webengage.com | ssl.widgets.webengage.com — Cisco Umbrella Rank: 32722; wsdk-files.webengage.com — Cisco Umbrella Rank: 11483; c.webengage.com — Cisco Umbrella Rank: 3589 | 68 KB
5 | gstatic.com | fonts.gstatic.com | 107 KB
4 | datatables.net | cdn.datatables.net — Cisco Umbrella Rank: 8719 | 36 KB
2 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 103 | 20 KB
2 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 127 | 2 KB
2 | bootstrapcdn.com | netdna.bootstrapcdn.com — Cisco Umbrella Rank: 5877 | 62 KB
1 | google.it | www.google.it — Cisco Umbrella Rank: 14360 | 501 B
1 | google.com | www.google.com — Cisco Umbrella Rank: 16 | 501 B
1 | doubleclick.net | stats.g.doubleclick.net — Cisco Umbrella Rank: 179 | 445 B
1 | webengage.co | aa13266b.webengage.co | 2 KB
1 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 123 | 45 KB
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 943 | 33 KB
Total: 55 requests, 13 domains

Requests | Domain | Requested by
28 | labs.k7computing.com | labs.k7computing.com
5 | fonts.gstatic.com | fonts.googleapis.com; labs.k7computing.com
4 | cdn.datatables.net | labs.k7computing.com
2 | c.webengage.com | ssl.widgets.webengage.com
2 | wsdk-files.webengage.com | aa13266b.webengage.co; ssl.widgets.webengage.com
2 | www.google-analytics.com | www.googletagmanager.com; www.google-analytics.com
2 | ssl.widgets.webengage.com | labs.k7computing.com; ssl.widgets.webengage.com
2 | fonts.googleapis.com | labs.k7computing.com
2 | netdna.bootstrapcdn.com | labs.k7computing.com; netdna.bootstrapcdn.com
1 | www.google.it | labs.k7computing.com
1 | www.google.com | labs.k7computing.com
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | aa13266b.webengage.co | ssl.widgets.webengage.com
1 | www.googletagmanager.com | labs.k7computing.com
1 | code.jquery.com | labs.k7computing.com
Total: 55 requests, 15 subdomains

Subject | Issuer | Validity | Valid
*.k7computing.com | Go Daddy Secure Certificate Authority - G2 | 2022-07-17 - 2023-08-17 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year
upload.video.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
webengage.com | Cloudflare Inc ECC CA-3 | 2022-04-23 - 2023-04-22 | a year
webengage.co | Amazon | 2022-07-04 - 2023-08-02 | a year
*.webengage.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-05 - 2023-05-11 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
www.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months
*.google.it | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months

This page contains 2 frames:

Primary Page: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Frame ID: 6440B6C73D50626AEC4247C3E9A44B5B
Requests: 53 HTTP requests in this frame

Frame: https://aa13266b.webengage.co/storage-frame-1.18.htm?cdn=y&cbf=webengage-engagement-callback-frame&lc=aa13266b
Frame ID: 52417F8B8410ECAC86132AE9EF92E93E
Requests: 2 HTTP requests in this frame

Page Title

Pupy RAT hiding under WerFault’s cover - K7 Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href="[^"]*material(?:\.[\w]+-[\w]+)?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • dataTables.*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • (?:<link [^>]*href="[^"]*prettyPhoto(?:\.min)?\.css|<a [^>]*rel="prettyPhoto)
  • jquery\.prettyPhoto\.js

Page Statistics

55 Requests
100 % HTTPS
86 % IPv6
13 Domains
15 Subdomains
14 IPs
6 Countries
2425 kB Transfer
4885 kB Size
3 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

55 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
71 KB
15 KB
Document
General
Full URL
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
f1315bd10169a995c881c8542ac5a1cc1b7ffd5f6e27a3ef24ce84202bac873a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
15123
Content-Type
text/html; charset=UTF-8
Date
Mon, 09 Jan 2023 08:59:07 GMT
Keep-Alive
timeout=5, max=100
Link
<https://labs.k7computing.com/?p=25157>; rel=shortlink
Server
Apache/2.4.41 (Ubuntu)
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617
age
17287043
cdn-cachedat
2021-06-08 14:24:33
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d61dc5e949932a05b0a0cdd3ae503fc6
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
786bf99c3e1dbad5-MXP
cdn-requestpullsuccess
True
css
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A500%2C700%7CNunito%3A300%2C700%2C400%2C400italic%7CMuli%3A600%7CMontserrat%3A500&subset=latin&ver=1508772994
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ea5c6c9d06f4772215cc0daf91ae389da2887058690b5cd8fe8a1c5090acf6de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 09 Jan 2023 08:51:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 09 Jan 2023 08:59:07 GMT
css
fonts.googleapis.com/
3 KB
966 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli:400,700,800&display=swap
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
42c3bc467e1cdcfec880bb6c06d662541c8325e04e5c3b900b78592657ccb05d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 09 Jan 2023 08:59:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 09 Jan 2023 08:59:07 GMT
prettyPhoto.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/
19 KB
3 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/css/prettyPhoto.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
6b172a8b7556bb06b638d9680458038bb86a3034a9134559d2458d88eb97357c

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Jul 2019 09:20:46 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"4cf1-58d27f5896f87-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2765
jquery-1.12.4.min.js
code.jquery.com/
95 KB
33 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.12.4.min.js
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-17b8b"
vary
Accept-Encoding
x-hw
1673254747.dop034.ml1.t,1673254747.cds209.ml1.hn,1673254747.cds214.ml1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
33738
jquery.prettyPhoto.js
labs.k7computing.com/wp-content/themes/k7security/blog/js/
23 KB
6 KB
Script
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/js/jquery.prettyPhoto.js
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
340277869a89746ff06a46d7a773d8b87708a32da1669635ddafec18aaea1ed3

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Content-Encoding
gzip
Last-Modified
Mon, 08 Jul 2019 09:20:46 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"5bd4-58d27f587ba03-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
6238
jquery.dataTables.min.css
cdn.datatables.net/1.10.19/css/
14 KB
2 KB
Stylesheet
General
Full URL
https://cdn.datatables.net/1.10.19/css/jquery.dataTables.min.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
618d62ceaca1223e16de2c8939a1963a95c34b0ac75852f835f93e5b42f20871
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
cf-cache-status
HIT
age
17287028
content-length
2109
last-modified
Tue, 17 Jul 2018 10:18:26 GMT
server
cloudflare
etag
"1121ccf-364c-5712f444e19c2-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
786bf99c5ffaba83-MXP
access-control-allow-headers
origin, x-requested-with, content-type
expires
Fri, 23 Jun 2023 07:01:58 GMT
responsive.dataTables.min.css
cdn.datatables.net/responsive/2.2.3/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://cdn.datatables.net/responsive/2.2.3/css/responsive.dataTables.min.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ec1d2032daf47da420abf0f0e67ab2654648aabdda55e89e6da392b6158c382
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
cf-cache-status
HIT
age
17287035
content-length
930
last-modified
Tue, 17 Jul 2018 10:19:02 GMT
server
cloudflare
etag
"13c1e94-f59-5712f467268f2-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
786bf99c5ffdba83-MXP
access-control-allow-headers
origin, x-requested-with, content-type
expires
Fri, 23 Jun 2023 07:01:51 GMT
jquery.dataTables.min.js
cdn.datatables.net/1.10.19/js/
80 KB
28 KB
Script
General
Full URL
https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b796504d9b1b422f0dc6ccc2d740ac78a8c9e5078cc3934836d39742b1121925
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
cf-cache-status
HIT
age
17287103
content-length
28049
last-modified
Tue, 17 Jul 2018 10:18:27 GMT
server
cloudflare
etag
"1121ce7-141eb-5712f4450dcca-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
786bf99c5800ba83-MXP
access-control-allow-headers
origin, x-requested-with, content-type
expires
Fri, 23 Jun 2023 07:00:43 GMT
dataTables.responsive.min.js
cdn.datatables.net/responsive/2.2.3/js/
13 KB
5 KB
Script
General
Full URL
https://cdn.datatables.net/responsive/2.2.3/js/dataTables.responsive.min.js
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed36e2939292383b8688e2c83857e13f8ee9e542ba875c33c3c085488fd32a17
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:07 GMT
content-encoding
gzip
cf-cache-status
HIT
age
17287036
content-length
4594
last-modified
Tue, 17 Jul 2018 10:19:02 GMT
server
cloudflare
etag
"13e05e4-32e7-5712f46726cda-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
786bf99c5803ba83-MXP
access-control-allow-headers
origin, x-requested-with, content-type
expires
Fri, 23 Jun 2023 07:01:50 GMT
style.css
labs.k7computing.com/wp-content/themes/k7security/
220 KB
29 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.6
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
55e2d079ffefd94a06d895269a9aa51c25331c0bfc7e7541a6b903402fea588f

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 28 Mar 2022 05:13:29 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"3704f-5db405f71a018-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
28942
jquery.min.js
labs.k7computing.com/wp-includes/js/jquery/
87 KB
31 KB
Script
General
Full URL
https://labs.k7computing.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Dec 2021 06:01:42 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"15db1-5d3c9f8f1e0fd-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
30908
style.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/
836 KB
110 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/css/style.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
f6af0bc7a108f87a05981a9ae50a218c2aee3a296ca5e85ec8bc1d5aab65ee82

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 May 2022 07:08:51 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"d0fdf-5decb3ae9696b-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
rgs.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/css/rgs.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
543714c91ccb2334b7a55050649f0d5690ec45b548fe3dcf51fd8bed61798ab4

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Jun 2019 12:36:17 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"16e4-58c252cd1d26f-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1167
skin-material.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/
104 KB
15 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/css/skin-material.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
96cf7868ea942c789ea8c2f728992116800ee02cd3259e52ce3854c725ddd18b

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Thu, 31 Oct 2019 10:02:46 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"19ea8-59631f37a6788-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
15491
responsive.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/
171 KB
25 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/css/responsive.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
4e0de8e05abf4df68de7e9433c3003367a4570ef279d8c3c2c9de78545dfcf9e

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Mar 2022 04:22:51 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"2ad90-5db0350d4d3aa-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
25397
support.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/
128 KB
16 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/css/support.css
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
b0089bce367c4a2cb11f1331937ffaf60a173750355d896eb038d43c5e6ff10c

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:07 GMT
Content-Encoding
gzip
Last-Modified
Tue, 02 Jul 2019 06:14:10 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"20040-58caca72db44f-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
16419
js
www.googletagmanager.com/gtag/
112 KB
45 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-151201792-1
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
33cd442393bb14074f7908380674e62497e1135ae38796fbb53ac6f344b9f7df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45279
x-xss-protection
0
last-modified
Mon, 09 Jan 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 09 Jan 2023 08:59:08 GMT
k7_securitylabs_logo.png
labs.k7computing.com/wp-content/themes/k7security/blog/
4 KB
4 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/k7_securitylabs_logo.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
b76c5d79c454c6fd45687f9813b352a29509bba8860e37784cabe7f3e10b70cb

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Tue, 25 Jun 2019 12:36:15 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"1071-58c252cbce30b"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4209
Pupy-RAT.png
labs.k7computing.com/wp-content/uploads/2023/01/
228 KB
228 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/Pupy-RAT.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
316ed91f4a89cc5df8310da8bea2dca87a9891df9ed8b59ae7800d4440207d17

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Wed, 04 Jan 2023 03:51:05 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"38f97-5f16818093529"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
233367
IcedID-Malware-01.jpg
labs.k7computing.com/wp-content/uploads/2023/01/
158 KB
158 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/IcedID-Malware-01.jpg
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
32cd24ea122ca0c0cf39fc344dada48ba06ecba5bb733563c2af57579f9992e6

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Mon, 02 Jan 2023 07:03:47 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"2764f-5f1428d8028f6"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
161359
Python-Malware2.png
labs.k7computing.com/wp-content/uploads/2022/12/
900 KB
900 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2022/12/Python-Malware2.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
de5b64a3e893007203e8cae879103e9dae6b5e3a9b6a22c597f783dbdbaeb4fa

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Fri, 23 Dec 2022 02:20:58 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"e0ef4-5f0756fa5084b"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
921332
k7.jpg
labs.k7computing.com/wp-content/uploads/2018/08/
34 KB
35 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2018/08/k7.jpg
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
ab3dc0045616cf94a5a6cbc3f39499e93716a40b072dd02d01f8e028aa6e5030

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Wed, 26 Jun 2019 06:14:43 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"896b-58c33f613c015"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
35179
nophoto.png
labs.k7computing.com/wp-content/themes/k7security/
6 KB
6 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/nophoto.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
9f266703b40b04b279432112f20fc52488493407f28bd6b0f6ed550c5ad243b4

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Tue, 25 Jun 2019 09:24:11 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"16ce-58c227dd247ff"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
5838
7.png
labs.k7computing.com/wp-content/uploads/userphoto/
11 KB
11 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/userphoto/7.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
0a5fb838ef0f6c169e3b6c3f8eea2115f139906fe8a96ae565317ef8ce992952

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Thu, 27 Jun 2019 07:06:24 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"2bd3-58c48ccc00b9d"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
11219
logo.png
labs.k7computing.com/wp-content/uploads/2019/06/
4 KB
5 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2019/06/logo.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
96c54f392e93fdbe96d44b810423cd458ae254520f6546b5f42703bb020eeb65

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Fri, 28 Jun 2019 09:27:12 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"11f2-58c5ee21f1c9d"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
4594
wp-embed.min.js
labs.k7computing.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://labs.k7computing.com/wp-includes/js/wp-embed.min.js?ver=5.8.6
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 04 Feb 2021 06:16:35 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"592-5ba7ca5478d58-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
765
k7_script.js
labs.k7computing.com/wp-content/themes/k7security/blog/js/
95 KB
33 KB
Script
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/js/k7_script.js?ver=5.8.6
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
b097fc537417d8d61ff97190359ed4290ce5ce5fd0b59884ab2af1f0a30353a4

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 Sep 2019 09:46:33 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"17a52-592f8f20b48e3-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
33756
k7_image.js
labs.k7computing.com/wp-content/themes/k7security/blog/js/
626 KB
135 KB
Script
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/js/k7_image.js?ver=5.8.6
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
d6c3f4d02b23415a47a6b76ea46d842742d00950dfea69b14be58c0d49bef917

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 Sep 2019 10:03:01 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"9c96c-592f92ce78fbe-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
k7_jq.js
labs.k7computing.com/wp-content/themes/k7security/blog/js/
98 KB
28 KB
Script
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/blog/js/k7_jq.js?ver=5.8.6
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
fd1c45b8b1cd955550af27b4f9c79a47cfce0536568d9ab86d2a410724a81acb

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Jun 2019 12:36:18 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"18601-58c252ce2aaf2-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
27811
print.css
labs.k7computing.com/wp-content/themes/k7security/
4 KB
2 KB
Stylesheet
General
Full URL
https://labs.k7computing.com/wp-content/themes/k7security/print.css?ver=5.8.6
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
9b64af17935159b99b0d25c43790547477cb859531dad4acbf28788143543620

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:09 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Jun 2019 09:24:11 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"f68-58c227dd247ff-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
1205
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v28/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://labs.k7computing.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 06 Jan 2023 20:01:37 GMT
x-content-type-options
nosniff
age
219451
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31196
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:43:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Jan 2024 20:01:37 GMT
XRXW3I6Li01BKofAjsOUYevI.woff2
fonts.gstatic.com/s/nunito/v9/
19 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunito/v9/XRXW3I6Li01BKofAjsOUYevI.woff2
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65affc2090809c430437d54d5d413fb1e803e5cfb42e80a14318839abf604be5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://labs.k7computing.com/
Origin
https://labs.k7computing.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 18:36:34 GMT
x-content-type-options
nosniff
age
138154
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19748
x-xss-protection
0
last-modified
Tue, 10 Oct 2017 23:06:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 07 Jan 2024 18:36:34 GMT
webengage-min-v-6.0.js
ssl.widgets.webengage.com/js/
201 KB
60 KB
Script
General
Full URL
https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2db6d26e1b31c9e3f5cb51e91b63dcaafd885bf86fab1766736a4a245d32c2f3

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:08 GMT
via
1.1 aa89236c3ef628703c4b8322e4ce6d96.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
HIT
x-amz-cf-pop
MXP64-C2
age
11206
x-cache
Hit from cloudfront
last-modified
Wed, 10 Aug 2022 12:03:00 GMT
server
cloudflare
etag
W/"62f39e74-324eb"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
786bf9a24d4c59b9-MXP
x-amz-cf-id
9FL6xFzNNnxcBCRl-mIDAFSiXEgldzQENwjyHJpDanw4EKuUkou1KQ==
expires
Mon, 09 Jan 2023 06:33:10 GMT
JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v12/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v12/JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e43d592d0aa592f24ad510ef3f453a51bba24a9534a07a55a9685b4d4b3f2cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://labs.k7computing.com/
Origin
https://labs.k7computing.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 21:01:35 GMT
x-content-type-options
nosniff
age
129453
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18728
x-xss-protection
0
last-modified
Tue, 07 Nov 2017 15:24:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 07 Jan 2024 21:01:35 GMT
fontawesome-webfont.woff2
netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/
55 KB
56 KB
Font
General
Full URL
https://netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Origin
https://labs.k7computing.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
722
cdn-cachedat
08/18/2022 19:50:49
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
56780
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
"97493d3f11c0a3bd5cbd959f5d19b699"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
e44feefd9ccaf03bfd30afa97a3108a9
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
786bf9a1f8ab0e02-MXP
cdn-requestpullsuccess
True
XRXW3I6Li01BKofAnsSUYevI.woff2
fonts.gstatic.com/s/nunito/v9/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunito/v9/XRXW3I6Li01BKofAnsSUYevI.woff2
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63a4fc5c8be608dda743ef429579e70c4d2f63e826f9a669ee0b7481a5a6088a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://labs.k7computing.com/
Origin
https://labs.k7computing.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 12:23:42 GMT
x-content-type-options
nosniff
age
419726
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19336
x-xss-protection
0
last-modified
Tue, 10 Oct 2017 23:05:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 04 Jan 2024 12:23:42 GMT
XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v9/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunito/v9/XRXV3I6Li01BKofINeaB.woff2
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0420bbe7ccf39972cf0d8840155a57ba498afad2bcca98f0834ef2d80d646bed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://labs.k7computing.com/
Origin
https://labs.k7computing.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 18:08:46 GMT
x-content-type-options
nosniff
age
139822
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19600
x-xss-protection
0
last-modified
Tue, 10 Oct 2017 23:05:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 07 Jan 2024 18:08:46 GMT
Figure1.png
labs.k7computing.com/wp-content/uploads/2023/01/
108 KB
108 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/Figure1.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
392a151242c91f77903a87c154cc4b1746999f058ff65bbdca4aa16971d8e2cb

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Wed, 04 Jan 2023 03:59:49 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"1af59-5f168373e0cee"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
110425
Figure2.png
labs.k7computing.com/wp-content/uploads/2023/01/
18 KB
18 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/Figure2.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
2bf89602077094e33e2a1a0469adb4e698207172725f775e82df290c72f66d4c

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Wed, 04 Jan 2023 04:00:38 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"4888-5f1683a27ca7c"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
18568
Figure3.png
labs.k7computing.com/wp-content/uploads/2023/01/
20 KB
20 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/Figure3.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
8527e7898d3db6116dcc4135019900ee8d7524b2c6a4661d9d496bdc6f3ca4aa

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:08 GMT
Last-Modified
Wed, 04 Jan 2023 04:01:26 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"4fbc-5f1683d0d4208"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
20412
Figure4.png
labs.k7computing.com/wp-content/uploads/2023/01/
70 KB
70 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/Figure4.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
40369d11179ee9607915ffbcd4bde73abb71ee0795e9288f75fa820c52609afa

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:09 GMT
Last-Modified
Wed, 04 Jan 2023 04:02:15 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"117f4-5f1683ff1907d"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
71668
Figure5.png
labs.k7computing.com/wp-content/uploads/2023/01/
34 KB
34 KB
Image
General
Full URL
https://labs.k7computing.com/wp-content/uploads/2023/01/Figure5.png
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.104.56.202 , Singapore, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1636-202.members.linode.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
21b1aee508d9800c994b9eddaad8fa2ddb6bf5e92d7e9a4932380d6fc3a194df

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 09 Jan 2023 08:59:09 GMT
Last-Modified
Wed, 04 Jan 2023 04:03:01 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"86ad-5f16842b68f05"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
34477
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-151201792-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 09 Jan 2023 08:21:55 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
2233
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Mon, 09 Jan 2023 10:21:55 GMT
storage-frame-1.18.htm
aa13266b.webengage.co/ Frame 5241
3 KB
2 KB
Document
General
Full URL
https://aa13266b.webengage.co/storage-frame-1.18.htm?cdn=y&cbf=webengage-engagement-callback-frame&lc=aa13266b
Requested by
Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:e200:8:cf94:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
16c8ad014e255e48470f6856e3ac20f6050865f72e971417501057d4aeaddd98

Request headers

Referer
https://labs.k7computing.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

access-control-allow-origin
*
age
14027
cache-control
max-age=14400
content-encoding
gzip
content-type
text/html
date
Mon, 09 Jan 2023 05:05:21 GMT
etag
W/"60b76f62-d60"
expires
Mon, 09 Jan 2023 09:05:21 GMT
last-modified
Wed, 02 Jun 2021 11:45:38 GMT
server
nginx
vary
Accept-Encoding
via
1.1 474733f16f494ddb794b4f7dfd7de966.cloudfront.net (CloudFront)
x-amz-cf-id
G1j8M6k1_gl80pRr45bLVo5HUojD-zS-sHJEc40qtmgWLoUGKeaBAg==
x-amz-cf-pop
FRA56-P3
x-cache
Hit from cloudfront
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=558426645&t=pageview&_s=1&dl=https%3A%2F%2Flabs.k7computing.com%2Findex.php%2Fpupy-rat-hiding-under-werfaults-cover%2F&ul=en-us&de=UTF-8&dt=Pupy%20RAT%20hiding%20under%20WerFault%E2%80%99s%20cover%20-%20K7%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=538683397&gjid=855327079&cid=745881651.1673254749&tid=UA-151201792-1&_gid=122672637.1673254749&_r=1&gtm=2ou120&z=391015503
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://labs.k7computing.com/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 09 Jan 2023 08:59:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://labs.k7computing.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
v4.js
wsdk-files.webengage.com/webengage/aa13266b/ Frame 5241
20 KB
3 KB
Script
General
Full URL
https://wsdk-files.webengage.com/webengage/aa13266b/v4.js
Requested by
Host: aa13266b.webengage.co
URL: https://aa13266b.webengage.co/storage-frame-1.18.htm?cdn=y&cbf=webengage-engagement-callback-frame&lc=aa13266b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ceaf3ae7bab201c15edf0493ab48667edab9b89c9d700edfbaa3fe9505d6bb1

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://aa13266b.webengage.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:08 GMT
content-encoding
gzip
via
1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
x-amz-version-id
7GoNrmw9lqRfzFNW2Z1qt2XHvcvdDDdA
cf-cache-status
REVALIDATED
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
content-length
2919
last-modified
Fri, 06 Jan 2023 08:05:32 GMT
server
cloudflare
etag
"097818efedc6fc8d1113e769e1c4458e"
vary
Accept-Encoding
content-type
application/x-javascript; charset=UTF-8
cache-control
public, max-age=60, must-revalidate
accept-ranges
bytes
cf-ray
786bf9a4397f59b9-MXP
x-amz-cf-id
hYiV093nEc3fu2YGxeUdNXg6HEg8L8f5qzr9yz_QLtK5Pl554ZXh9Q==
upf.js
c.webengage.com/
630 B
1 KB
Script
General
Full URL
https://c.webengage.com/upf.js?lp=https%3A%2F%2Flabs.k7computing.com%2Findex.php%2Fpupy-rat-hiding-under-werfaults-cover%2F&rf=&geo=y&jsonp=_we_jsonp_global_cb_1673254748932
Requested by
Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.232.203.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-203-115.compute-1.amazonaws.com
Software
/
Resource Hash
3ed1279edefc7b1c4b126cb033ae618bed8d6691ca16ee1d8b0436466376b411
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-length
630
x-xss-protection
1; mode=block
pragma
no-cache
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
X-Requested-With,content-type
expires
0
collect
stats.g.doubleclick.net/j/
4 B
445 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-151201792-1&cid=745881651.1673254749&jid=538683397&gjid=855327079&_gid=122672637.1673254749&_u=YEBAAUAAAAAAACAAI~&z=1938791618
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b4cd4f889e2c7dd71da12d2b0a29aa6346de2e5d8b3c882d7700d64c700f661d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://labs.k7computing.com/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 09 Jan 2023 08:59:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://labs.k7computing.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-151201792-1&cid=745881651.1673254749&jid=538683397&_u=YEBAAUAAAAAAACAAI~&z=1795846484
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Jan 2023 08:59:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.it/ads/
42 B
501 B
Image
General
Full URL
https://www.google.it/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-151201792-1&cid=745881651.1673254749&jid=538683397&_u=YEBAAUAAAAAAACAAI~&z=1795846484
Requested by
Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Jan 2023 08:59:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
3k9e6g8.js
wsdk-files.webengage.com/webengage/aa13266b/
2 KB
980 B
Script
General
Full URL
https://wsdk-files.webengage.com/webengage/aa13266b/3k9e6g8.js?r=1542094780000
Requested by
Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0af25132cf0d8d149724771051caa8d020d70892a8bcf6a60199afcd3ff93f52

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:09 GMT
content-encoding
gzip
via
1.1 cd4dfe3c4e4ae7c889b30370e31a809e.cloudfront.net (CloudFront)
x-amz-version-id
null
cf-cache-status
HIT
x-amz-cf-pop
MXP63-P4
age
435912
x-cache
Hit from cloudfront
content-length
696
last-modified
Tue, 13 Nov 2018 13:09:41 GMT
server
cloudflare
etag
"2f448c6334e2cf4b7b1a7f0f1bc17260"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=604800
accept-ranges
bytes
cf-ray
786bf9a77fbf59b9-MXP
x-amz-cf-id
I3_ynkRoH7r9cbVxc6MbW7Gwbz-RCz_o__t43LaDOXAbdKV0qBByaw==
conversion.js
ssl.widgets.webengage.com/js/
6 KB
2 KB
Script
General
Full URL
https://ssl.widgets.webengage.com/js/conversion.js?v=277
Requested by
Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b769da7779f985e9af8ec81ff36cce04d182a0bfbe3c5d287525e19afedd1efa

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://labs.k7computing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 09 Jan 2023 08:59:09 GMT
via
1.1 82ded7662ff2806d716068ef52891c6a.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
HIT
x-amz-cf-pop
MXP64-C2
age
4121
x-cache
Hit from cloudfront
last-modified
Wed, 10 Aug 2022 12:02:16 GMT
server
cloudflare
etag
W/"62f39e48-16d0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
786bf9a7a82859b9-MXP
x-amz-cf-id
EDoQjhoDEmtBZR6q23G_fuZF6TMLjmyT9HIq6L5q5CN5b5axn7WZ_w==
expires
Mon, 09 Jan 2023 11:26:40 GMT
l4.jpg
c.webengage.com/
43 B
398 B
Ping
General
Full URL
https://c.webengage.com/l4.jpg
Requested by
Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.232.203.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-203-115.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://labs.k7computing.com/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 09 Jan 2023 08:59:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,content-type
x-xss-protection
1; mode=block


104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontentvisibilityautostatechange function| $ function| jQuery boolean| pp_alreadyInitialized function| gtag object| dataLayer object| webengage object| wp object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| _weq object| gaplugins object| gaGlobal object| gaData object| webengage_fs_configurationMap function| resizeIframe function| vc_js function| getSizeName function| loadScript function| vc_ttaActivation function| vc_accordionActivate function| initVideoBackgrounds function| vc_initVideoBackgrounds function| insertYoutubeVideoAsBackground function| vcResizeVideoBackground function| vcExtractYoutubeId function| vc_googleMapsPointer function| vc_setHoverBoxPerspective function| vc_setHoverBoxHeight function| vc_prepareHoverBox string| screen_size function| EventEmitter object| eventie function| imagesLoaded function| Waypoint function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Flickity function| Unipointer function| Unidragger function| TapListener object| jQuery1124018242024882465002 function| vc_plugin_flexslider function| vc_googleplus function| vc_pinterest function| vc_progress_bar function| vc_waypoints function| vc_toggleBehaviour function| vc_tabsBehaviour function| vc_accordionBehaviour function| vc_teaserGrid function| vc_carouselBehaviour function| vc_slidersBehaviour function| vc_prettyPhoto function| vc_google_fonts boolean| vcParallaxSkroll function| vc_rowBehaviour function| vc_gridBehaviour function| getColumnsCount function| wpb_prepare_tab_content function| getStyleProperty function| docReady function| Outlayer function| Isotope function| Masonry object| classie function| Packery object| k7securityLove function| fnFilterColumn boolean| $disableHI number| $tabbedClickCount number| $contentWidth number| $justOutOfSight number| $extraSpace number| $carouselWidth string| $mobileNavSelector string| 
$ocm_link_selector boolean| $waypointsBound number| $searchBtnHeight number| $resizeExtra boolean| $usingk7securityCarouselFlk object| $blog_containers number| $ssExtraTopSpace string| $html string| $colAndImgOffsetPos string| $colAndImgOffsetPos2 string| $progressBarsOffsetPos string| $dividerOffsetPos string| $iconListOffsetPos string| $animatedTitlesOffsetPos string| $imageWithHotspotsOffsetPos string| $clientsOffsetPos string| $splitLineOffsetPos string| $svgOffsetPos string| $foodItemOffsetPos string| $target undefined| data

3 Cookies

Domain/Path Name / Value
.k7computing.com/ Name: _ga
Value: GA1.2.745881651.1673254749
.k7computing.com/ Name: _gid
Value: GA1.2.122672637.1673254749
.k7computing.com/ Name: _gat_gtag_UA_151201792_1
Value: 1

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
