labs.k7computing.com Open in urlscan Pro
172.104.56.202 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Submission: On November 16 via api (November 16th 2023, 6:04:39 pm UTC) from IN — Scanned from SG

Summary HTTP 69 Redirects Links 62 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 13 domains to perform 69 HTTP transactions. The main IP is 172.104.56.202, located in Singapore, Singapore and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is labs.k7computing.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on July 16th 2023. Valid for: a year.

This is the only time labs.k7computing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	172.104.56.202 172.104.56.202	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2404:6800:400... 2404:6800:4003:c01::5f	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
4	2606:4700:10:... 2606:4700:10::6816:325d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2404:6800:400... 2404:6800:4003:c1a::61	15169 (GOOGLE) (GOOGLE)
5	2404:6800:400... 2404:6800:4003:c1a::5e	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c0f::66	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:1c93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:200... 2600:9000:2003:8a00:8:cf94:88c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c1c::9d	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c06::5e	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c1c::93	15169 (GOOGLE) (GOOGLE)
2	72.44.42.191 72.44.42.191	14618 (AMAZON-AES) (AMAZON-AES)
69	15

39 172.104.56.202 (Singapore, Singapore)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1636-202.members.linode.com

labs.k7computing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c01::5f (Singapore, Singapore)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:325d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.datatables.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c1a::61 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2404:6800:4003:c1a::5e (Singapore, Singapore)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c0f::66 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:1c93 (United States)

ASN13335 (CLOUDFLARENET, US)

ssl.widgets.webengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wsdk-files.webengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2003:8a00:8:cf94:88c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

aa13266b.webengage.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c1c::9d (Singapore, Singapore)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c06::5e (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.com.sg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c1c::93 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.44.42.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-72-44-42-191.compute-1.amazonaws.com

c.webengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	k7computing.com labs.k7computing.com	4 MB
5	webengage.com ssl.widgets.webengage.com — Cisco Umbrella Rank: 35772 wsdk-files.webengage.com — Cisco Umbrella Rank: 29245 c.webengage.com — Cisco Umbrella Rank: 17015	92 KB
5	gstatic.com fonts.gstatic.com	109 KB
4	datatables.net cdn.datatables.net — Cisco Umbrella Rank: 4970	36 KB
2	google.com.sg www.google.com.sg — Cisco Umbrella Rank: 13407	517 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	414 B
2	google.com analytics.google.com — Cisco Umbrella Rank: 157 www.google.com — Cisco Umbrella Rank: 2	667 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	153 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	2 KB
2	bootstrapcdn.com netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3035	62 KB
1	webengage.co aa13266b.webengage.co	2 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 762	33 KB
69	13

	Domain	Requested by
39	labs.k7computing.com	labs.k7computing.com
5	fonts.gstatic.com	fonts.googleapis.com labs.k7computing.com
4	cdn.datatables.net	labs.k7computing.com
2	c.webengage.com	ssl.widgets.webengage.com
2	wsdk-files.webengage.com	aa13266b.webengage.co ssl.widgets.webengage.com
2	www.google.com.sg	labs.k7computing.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	labs.k7computing.com www.googletagmanager.com
2	fonts.googleapis.com	labs.k7computing.com
2	netdna.bootstrapcdn.com	labs.k7computing.com netdna.bootstrapcdn.com
1	www.google.com	labs.k7computing.com
1	analytics.google.com	www.googletagmanager.com
1	aa13266b.webengage.co	ssl.widgets.webengage.com
1	ssl.widgets.webengage.com	labs.k7computing.com
1	code.jquery.com	labs.k7computing.com
69	16

This site contains links to these domains. Also see Links.

Domain
k7computing.com
www.k7computing.com
k7academy.com
www.crowdstrike.com
source.winehq.org
github.com
www.recordedfuture.com
twitter.com
www.facebook.com
www.linkedin.com
support.k7computing.com
careers.k7computing.com

Subject Issuer	Validity	Valid
*.k7computing.com Go Daddy Secure Certificate Authority - G2	`2023-07-16` - `2024-08-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
webengage.com Cloudflare Inc ECC CA-3	`2023-03-23` - `2024-03-22`	a year	crt.sh
webengage.co Amazon RSA 2048 M02	`2023-06-04` - `2024-07-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com.sg GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.webengage.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-02` - `2024-05-21`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Frame ID: F6CDC7828F57D4A7D9BF52D1C4583F55
Requests: 67 HTTP requests in this frame

Frame: https://aa13266b.webengage.co/storage-frame-1.18.htm?cdn=y&cbf=webengage-engagement-callback-frame&lc=aa13266b
Frame ID: F1E67E4CB529D302BF997693418350E2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pupy RAT hiding under WerFault’s cover - K7 Labs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Material Design Lite (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href="[^"]*material(?:\.[\w]+-[\w]+)?(?:\.min)?\.css

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

DataTables (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

dataTables.*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

prettyPhoto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:<link [^>]*href="[^"]*prettyPhoto(?:\.min)?\.css|<a [^>]*rel="prettyPhoto)
jquery\.prettyPhoto\.js

Page Statistics

69
Requests

100 %
HTTPS

87 %
IPv6

13
Domains

16
Subdomains

15
IPs

2
Countries

4635 kB
Transfer

7440 kB
Size

4
Cookies

62 Outgoing links

These are links going to different origins than the main page.

URL: http://k7computing.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users
Title: Home Products

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/home-users/antivirus-premium
Title: K7 Antivirus Premium

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/home-users/total-security
Title: K7 Total Security

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/home-users/ultimate-security
Title: K7 Ultimate Security

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/home-users/mac-security
Title: K7 Antivirus for Mac

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/home-users/mobile-security-android
Title: K7 Mobile Security – Android

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/home-users/mobile-security-ios
Title: K7 Mobile Security – iOS

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/infiniti/?utm_source=menu&utm_medium=website&utm_campaign=infiniti
Title: K7 Ultimate Security Infiniti

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users
Title: Business Products

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/about-us
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/awards
Title: Awards & Recognitions

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/certifications
Title: Certifications

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/news
Title: News & PR

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/affiliates
Title: Affiliates

Search URL Search Domain Scan URL

URL: https://k7academy.com/
Title: K7 Academy

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/free_downloads
Title: Product Downloads

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/free_tools
Title: Free Tools

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/free_scanner
Title: Free Scanner

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/technical_blog
Title: Technical Blog

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/threat_reports
Title: Threat Reports

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/videos
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/refer-and-earn
Title: Refer & Earn

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/become-a-partner
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/free_trials
Title: Free Trial

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/renew
Title: Renew

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/guloader-malware-analysis/#:~:text=DJB2%20Hashes%20for%20Windows%20API%20Resolution
Title: Guloader

Search URL Search Domain Scan URL

URL: https://source.winehq.org/WineAPI/SystemFunction032.html
Title: WineAPI

Search URL Search Domain Scan URL

URL: https://github.com/n1nj4sec/pupy
Title: Github

Search URL Search Domain Scan URL

URL: https://www.recordedfuture.com/pupyrat-malware-analysis
Title: sources

Search URL Search Domain Scan URL

URL: https://twitter.com/SBousseaden/status/1603425101528956935
Title: https://twitter.com/SBousseaden/status/1603425101528956935

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Title: Facebook0

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/&text=Pupy%20RAT%20hiding%20under%20WerFault%E2%80%99s%20cover
Title: Twitter0

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/&title=Pupy%20RAT%20hiding%20under%20WerFault%E2%80%99s%20cover&summary=&source=
Title: Linkedin0

Search URL Search Domain Scan URL

URL: https://k7computing.com/

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users/antivirus-premium
Title: K7 Antivirus Premium

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users/total-security
Title: K7 Total Security

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users/multi-device
Title: K7 Ultimate Security

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users/mac-security
Title: K7 Antivirus for Mac

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users/mobile-security-a
Title: K7 Mobile Security – Android

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/home-users/mobile-security-i
Title: K7 Mobile Security – iOS

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/infiniti/?utm_source=footer&utm_medium=website&utm_campaign=infiniti
Title: K7 Ultimate Security Infiniti

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users/endpoint-security/k7-on-premises-EPS
Title: K7 On-premises Endpoint Security

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users/endpoint-security/k7-cloud-EPS
Title: K7 Cloud Endpoint Security

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users/network-security/k7-utm
Title: K7 Unified Threat Management

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users/network-security/k7-vpn-concentrator
Title: K7 VPN Concentrator

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users/network-security/k7-connect-500
Title: K7 Connect 500

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/business-users/business-security
Title: Small Office

Search URL Search Domain Scan URL

URL: https://support.k7computing.com/index.php
Title: Support

Search URL Search Domain Scan URL

URL: https://careers.k7computing.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/in/become-a-partner
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/terms-conditions
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/eula
Title: EULA

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/anti-piracy/antiPiracy
Title: Anti-Piracy

Search URL Search Domain Scan URL

URL: https://www.k7computing.com/refund-cancellation-policy
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/K7Computing

Search URL Search Domain Scan URL

URL: https://twitter.com/k7computing

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/k7-computing

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

69 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/ 75 KB
16 KB 867ms
158ms Document
text/html 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),

Reverse DNS

li1636-202.members.linode.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

0904e1a75f5118bc15dd59c1a82194731cecdaddae7d10a5523c0456066bbbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 15963
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Nov 2023 18:04:33 GMT
Keep-Alive: timeout=5, max=100
Link: <https://labs.k7computing.com/?p=25157>; rel=shortlink
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

GET
H2 200 font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 59ms
12ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 900
age: 578868
cdn-cachedat: 06/19/2022 18:25:24
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"04425bbdc6243fc6e54bf8984fe50330"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 59f7ebcb5a695c71a8fe656285f6597e
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 8271a83839593e53-SIN
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 37ms
10ms Stylesheet
text/css 2404:6800:4003:c01::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A500%2C700%7CNunito%3A300%2C700%2C400%2C400italic%7CMuli%3A600%7CMontserrat%3A500&subset=latin&ver=1508772994

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::5f Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

865292a6ccb6e3a91f40fc1a3827ab96315fc36c3ee53cc5a2ca684d256b7b30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 18:04:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 18:04:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Nov 2023 18:04:33 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
913 B 33ms
6ms Stylesheet
text/css 2404:6800:4003:c01::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli:400,700,800&display=swap

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::5f Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

030c093b9400829c094b726288cdbcaea6793f15b59780040311ca57b163ecd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 18:04:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 18:04:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Nov 2023 18:04:33 GMT

GET
H/1.1 200
OK prettyPhoto.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/ 19 KB
3 KB 16ms
7ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/css/prettyPhoto.css
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 6b172a8b7556bb06b638d9680458038bb86a3034a9134559d2458d88eb97357c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Jul 2019 09:20:46 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "4cf1-58d27f5896f87-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2765

GET
H2 200 jquery-1.12.4.min.js Show response
code.jquery.com/ 95 KB
33 KB 548ms
173ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.12.4.min.js
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:34 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5357269
x-cache: HIT, HIT
content-length: 33738
x-served-by: cache-lga21956-LGA, cache-maa10234-MAA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1700157874.298568,VS0,VE0
etag: W/"28feccc0-17b8b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 220, 56484

GET
H/1.1 200
OK jquery.prettyPhoto.js Show response
labs.k7computing.com/wp-content/themes/k7security/blog/js/ 23 KB
6 KB 35ms
9ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/js/jquery.prettyPhoto.js
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 340277869a89746ff06a46d7a773d8b87708a32da1669635ddafec18aaea1ed3

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Jul 2019 09:20:46 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "5bd4-58d27f587ba03-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 6238

GET
H2 200 jquery.dataTables.min.css
cdn.datatables.net/1.10.19/css/ 14 KB
2 KB 37ms
11ms Stylesheet
text/css 2606:4700:10::6816:325d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.datatables.net/1.10.19/css/jquery.dataTables.min.css

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

618d62ceaca1223e16de2c8939a1963a95c34b0ac75852f835f93e5b42f20871

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:33 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 499021
content-length: 2109
last-modified: Tue, 17 Jul 2018 10:18:26 GMT
server: cloudflare
etag: "1121ccf-364c-5712f444e19c2-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8271a8381d78a3ef-SIN
access-control-allow-headers: origin, x-requested-with, content-type
expires: Sat, 09 Nov 2024 23:27:32 GMT

GET
H2 200 responsive.dataTables.min.css
cdn.datatables.net/responsive/2.2.3/css/ 4 KB
1 KB 38ms
13ms Stylesheet
text/css 2606:4700:10::6816:325d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.datatables.net/responsive/2.2.3/css/responsive.dataTables.min.css

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ec1d2032daf47da420abf0f0e67ab2654648aabdda55e89e6da392b6158c382

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:33 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 53321
content-length: 930
last-modified: Tue, 17 Jul 2018 10:19:02 GMT
server: cloudflare
etag: "13c1e94-f59-5712f467268f2-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8271a8381d7ca3ef-SIN
access-control-allow-headers: origin, x-requested-with, content-type
expires: Fri, 15 Nov 2024 03:15:51 GMT

GET
H2 200 jquery.dataTables.min.js Show response
cdn.datatables.net/1.10.19/js/ 80 KB
28 KB 40ms
16ms Script
application/javascript 2606:4700:10::6816:325d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b796504d9b1b422f0dc6ccc2d740ac78a8c9e5078cc3934836d39742b1121925

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:33 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1277054
content-length: 28049
last-modified: Tue, 17 Jul 2018 10:18:27 GMT
server: cloudflare
etag: "1121ce7-141eb-5712f4450dcca-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8271a8381d7fa3ef-SIN
access-control-allow-headers: origin, x-requested-with, content-type
expires: Thu, 31 Oct 2024 23:20:19 GMT

GET
H2 200 dataTables.responsive.min.js Show response
cdn.datatables.net/responsive/2.2.3/js/ 13 KB
5 KB 37ms
12ms Script
application/javascript 2606:4700:10::6816:325d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.datatables.net/responsive/2.2.3/js/dataTables.responsive.min.js

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:325d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed36e2939292383b8688e2c83857e13f8ee9e542ba875c33c3c085488fd32a17

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:33 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 679169
content-length: 4594
last-modified: Tue, 17 Jul 2018 10:19:02 GMT
server: cloudflare
etag: "13e05e4-32e7-5712f46726cda-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8271a8381d80a3ef-SIN
access-control-allow-headers: origin, x-requested-with, content-type
expires: Thu, 07 Nov 2024 21:25:03 GMT

GET
H/1.1 200
OK style.css
labs.k7computing.com/wp-content/plugins/social-share-button/assets/front/css/ 414 B
548 B 12ms
4ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/plugins/social-share-button/assets/front/css/style.css?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: d7903a717a8b1125ad31ef9a2dcae8d7af8c7806eb3e7d608639e382c854a5e0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 05:16:44 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "19e-5f711aee79b80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 212

GET
H/1.1 200
OK fontawesome-5.min.css
labs.k7computing.com/wp-content/plugins/social-share-button/assets/global/css/ 77 KB
16 KB 16ms
7ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/plugins/social-share-button/assets/global/css/fontawesome-5.min.css?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: f9db1b06a7cfcabc0a842a496f6af2ab20c2e9aa6482210313b3c1588f4a066a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 05:16:44 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "135a8-5f711aee808e0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 16246

GET
H/1.1 200
OK style.css
labs.k7computing.com/wp-content/themes/k7security/ 220 KB
29 KB 26ms
11ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 55e2d079ffefd94a06d895269a9aa51c25331c0bfc7e7541a6b903402fea588f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Mar 2022 05:13:29 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "3704f-5db405f71a018-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 28942

GET
H/1.1 200
OK style.css
labs.k7computing.com/wp-content/plugins/social-share-button/themes/theme10/ 2 KB
1 KB 20ms
6ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/plugins/social-share-button/themes/theme10/style.css?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 6f361479c4c0dcc4d25a12b11c00433997eb6524e8828969e8c566c58a34b6a8

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 05:35:31 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "9d2-5f711f2152632-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 701

GET
H/1.1 200
OK jquery.min.js Show response
labs.k7computing.com/wp-includes/js/jquery/ 87 KB
31 KB 47ms
8ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Dec 2021 06:01:42 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "15db1-5d3c9f8f1e0fd-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 30908

GET
H/1.1 200
OK scripts.js Show response
labs.k7computing.com/wp-content/plugins/social-share-button/assets/front/js/ 1 KB
799 B 47ms
7ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/plugins/social-share-button/assets/front/js/scripts.js?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: fd70087414a7e4c7ef31d20590f05c713a88264fcfdbaf7aba3ffd06da8c3b11

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 05:16:44 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "4a1-5f711aee79b80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 450

GET
H/1.1 200
OK style.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/ 836 KB
110 KB 42ms
29ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/css/style.css
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: f6af0bc7a108f87a05981a9ae50a218c2aee3a296ca5e85ec8bc1d5aab65ee82

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 May 2022 07:08:51 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "d0fdf-5decb3ae9696b-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK rgs.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/ 6 KB
1 KB 18ms
5ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/css/rgs.css
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 543714c91ccb2334b7a55050649f0d5690ec45b548fe3dcf51fd8bed61798ab4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jun 2019 12:36:17 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "16e4-58c252cd1d26f-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1167

GET
H/1.1 200
OK skin-material.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/ 104 KB
15 KB 28ms
9ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/css/skin-material.css
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 96cf7868ea942c789ea8c2f728992116800ee02cd3259e52ce3854c725ddd18b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Thu, 31 Oct 2019 10:02:46 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "19ea8-59631f37a6788-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 15491

GET
H/1.1 200
OK responsive.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/ 171 KB
25 KB 36ms
15ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/css/responsive.css
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 4e0de8e05abf4df68de7e9433c3003367a4570ef279d8c3c2c9de78545dfcf9e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Mar 2022 04:22:51 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "2ad90-5db0350d4d3aa-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 25397

GET
H/1.1 200
OK support.css
labs.k7computing.com/wp-content/themes/k7security/blog/css/ 128 KB
16 KB 28ms
8ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/css/support.css
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: b0089bce367c4a2cb11f1331937ffaf60a173750355d896eb038d43c5e6ff10c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 02 Jul 2019 06:14:10 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "20040-58caca72db44f-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 16419

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 23ms
13ms Script
application/javascript 2404:6800:4003:c1a::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-151201792-1

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

30d34ec0cc697b071d3a96bdc0e8d8c985da2070c340b4fa947eebfebc8e9594

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 68751
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 18:04:34 GMT

GET
H/1.1 200
OK k7_securitylabs_logo.png
labs.k7computing.com/wp-content/themes/k7security/blog/ 4 KB
4 KB 4ms
3ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/k7_securitylabs_logo.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: b76c5d79c454c6fd45687f9813b352a29509bba8860e37784cabe7f3e10b70cb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Last-Modified: Tue, 25 Jun 2019 12:36:15 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "1071-58c252cbce30b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4209

GET
H/1.1 200
OK Pupy-RAT.png
labs.k7computing.com/wp-content/uploads/2023/01/ 228 KB
228 KB 4ms
3ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Pupy-RAT.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 316ed91f4a89cc5df8310da8bea2dca87a9891df9ed8b59ae7800d4440207d17

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Last-Modified: Wed, 04 Jan 2023 03:51:05 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "38f97-5f16818093529"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 233367

GET
H/1.1 200
OK Clip-Bankers-02-scaled.jpg
labs.k7computing.com/wp-content/uploads/2023/10/ 180 KB
181 KB 6ms
4ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/10/Clip-Bankers-02-scaled.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 0f5b5b27c5e9a2ec48a5c7f83927d49fe8d2845dd32a9d6676114724c05ab3da

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Last-Modified: Wed, 18 Oct 2023 07:59:40 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "2d16b-607f90573f378"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 184683

GET
H/1.1 200
OK RomCom-RAT.png
labs.k7computing.com/wp-content/uploads/2023/09/ 230 KB
230 KB 5ms
4ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/09/RomCom-RAT.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 6908560be100bd8571559b8f6a6010fabaffe65197769df075f80c493614b4aa

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Last-Modified: Fri, 08 Sep 2023 07:14:19 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "39634-604d3b9a96b32"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 235060

GET
H/1.1 200
OK Pirrit.jpg
labs.k7computing.com/wp-content/uploads/2023/09/ 555 KB
555 KB 8ms
7ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/09/Pirrit.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: c8389c6bf147c2c920c5063c08e2d895c8846cb34c50eb95b4db33bc2d4ec52b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Last-Modified: Thu, 07 Sep 2023 10:58:43 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "8ac44-604c2be4b73c5"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 568388

GET
H/1.1 200
OK k7.jpg
labs.k7computing.com/wp-content/uploads/2018/08/ 34 KB
35 KB 4ms
3ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2018/08/k7.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: ab3dc0045616cf94a5a6cbc3f39499e93716a40b072dd02d01f8e028aa6e5030

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 26 Jun 2019 06:14:43 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "896b-58c33f613c015"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 35179

GET
H/1.1 200
OK nophoto.png
labs.k7computing.com/wp-content/themes/k7security/ 6 KB
6 KB 4ms
4ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/nophoto.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 9f266703b40b04b279432112f20fc52488493407f28bd6b0f6ed550c5ad243b4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Tue, 25 Jun 2019 09:24:11 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "16ce-58c227dd247ff"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 5838

GET
H/1.1 200
OK Ryuk.png
labs.k7computing.com/wp-content/uploads/2020/02/ 1 MB
1 MB 5ms
5ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2020/02/Ryuk.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: a9a593700f199e327e1dc0ab745e30d99659e7f0dafa63de7bea0fe0b3ae10fb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Mon, 24 Feb 2020 04:13:33 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "12beab-59f4a9835b7fc"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 1228459

GET
H/1.1 200
OK 20.png
labs.k7computing.com/wp-content/uploads/userphoto/ 23 KB
23 KB 4ms
4ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/userphoto/20.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: aee4bc8bf9fcc6c4189eb0cb70862d67c02fddc7cbdda348b3acc92dd16886f7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Thu, 27 Jun 2019 07:18:00 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "5be4-58c48f63aea9a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 23524

GET
H/1.1 200
OK Zloader-malware-Blog.jpg
labs.k7computing.com/wp-content/uploads/2021/06/ 512 KB
512 KB 3ms
3ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2021/06/Zloader-malware-Blog.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 628b726ea1355ff18a46fe4123d12bd685df1c559389e5c156d4d3686fb6774c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 23 Jun 2021 04:12:59 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "7fecd-5c5671f363f6d"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 523981

GET
H/1.1 200
OK 14.jpg
labs.k7computing.com/wp-content/uploads/userphoto/ 5 KB
5 KB 3ms
3ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/userphoto/14.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 4adc581731385cb8a760566d8f8a6f004989325a1574d46a335ffcb7e0931e2f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Thu, 22 Jul 2021 03:50:47 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "145c-5c7ae313e62f4"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 5212

GET
H/1.1 200
OK logo.png
labs.k7computing.com/wp-content/uploads/2019/06/ 4 KB
5 KB 3ms
3ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2019/06/logo.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 96c54f392e93fdbe96d44b810423cd458ae254520f6546b5f42703bb020eeb65

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Fri, 28 Jun 2019 09:27:12 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "11f2-58c5ee21f1c9d"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 4594

GET
H/1.1 200
OK wp-embed.min.js Show response
labs.k7computing.com/wp-includes/js/ 1 KB
1 KB 4ms
4ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-includes/js/wp-embed.min.js?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 May 2023 06:16:31 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "5c6-5fbdda0fff310-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 804

GET
H/1.1 200
OK k7_script.js Show response
labs.k7computing.com/wp-content/themes/k7security/blog/js/ 95 KB
33 KB 12ms
12ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/js/k7_script.js?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: b097fc537417d8d61ff97190359ed4290ce5ce5fd0b59884ab2af1f0a30353a4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Sep 2019 09:46:33 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "17a52-592f8f20b48e3-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 33756

GET
H/1.1 200
OK k7_image.js Show response
labs.k7computing.com/wp-content/themes/k7security/blog/js/ 626 KB
135 KB 23ms
23ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/js/k7_image.js?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: d6c3f4d02b23415a47a6b76ea46d842742d00950dfea69b14be58c0d49bef917

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Sep 2019 10:03:01 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "9c96c-592f92ce78fbe-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94

GET
H/1.1 200
OK k7_jq.js Show response
labs.k7computing.com/wp-content/themes/k7security/blog/js/ 98 KB
28 KB 9ms
8ms Script
application/javascript 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/blog/js/k7_jq.js?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: fd1c45b8b1cd955550af27b4f9c79a47cfce0536568d9ab86d2a410724a81acb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jun 2019 12:36:18 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "18601-58c252ce2aaf2-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 27811

GET
H/1.1 200
OK print.css
labs.k7computing.com/wp-content/themes/k7security/ 4 KB
2 KB 4ms
4ms Stylesheet
text/css 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/themes/k7security/print.css?ver=5.8.8
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 9b64af17935159b99b0d25c43790547477cb859531dad4acbf28788143543620

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jun 2019 09:24:11 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "f68-58c227dd247ff-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 1205

GET
H/1.1 200
OK IcedID-Malware-01.jpg
labs.k7computing.com/wp-content/uploads/2023/01/ 158 KB
158 KB 4ms
3ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/IcedID-Malware-01.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 32cd24ea122ca0c0cf39fc344dada48ba06ecba5bb733563c2af57579f9992e6

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Mon, 02 Jan 2023 07:03:47 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "2764f-5f1428d8028f6"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 161359

GET
H/1.1 200
OK Feature-Image.jpg
labs.k7computing.com/wp-content/uploads/2023/01/ 188 KB
188 KB 5ms
4ms Image
image/jpeg 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Feature-Image.jpg
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 465b1668887471f44db3ba92ce5028fc000bd5ab4ed7e32b164ab81c172c33b5

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Mon, 23 Jan 2023 06:52:47 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "2ef47-5f2e8d8cfa3b9"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 192327

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v29/ 32 KB
32 KB 23ms
7ms Font
font/woff2 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v29/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68d37d474952b1fbe30def1b69e63e79c46a70263433285783b69ac0107b929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 17:48:26 GMT
x-content-type-options: nosniff
age: 968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32796
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:41:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Nov 2024 17:48:26 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v12/ 18 KB
19 KB 18ms
4ms Font
font/woff2 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v12/JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e43d592d0aa592f24ad510ef3f453a51bba24a9534a07a55a9685b4d4b3f2cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.k7computing.com/
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 18:24:13 GMT
x-content-type-options: nosniff
age: 603621
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18728
x-xss-protection: 0
last-modified: Tue, 07 Nov 2017 15:24:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 18:24:13 GMT

GET
H2 200 XRXW3I6Li01BKofAnsSUYevI.woff2
fonts.gstatic.com/s/nunito/v9/ 19 KB
19 KB 18ms
5ms Font
font/woff2 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v9/XRXW3I6Li01BKofAnsSUYevI.woff2

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63a4fc5c8be608dda743ef429579e70c4d2f63e826f9a669ee0b7481a5a6088a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.k7computing.com/
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:03:52 GMT
x-content-type-options: nosniff
age: 42
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19336
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Nov 2024 18:03:52 GMT

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v9/ 19 KB
19 KB 27ms
14ms Font
font/woff2 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v9/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0420bbe7ccf39972cf0d8840155a57ba498afad2bcca98f0834ef2d80d646bed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.k7computing.com/
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:34 GMT
x-content-type-options: nosniff
age: 0
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19600
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:05:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Nov 2024 18:04:34 GMT

GET
H2 200 XRXW3I6Li01BKofAjsOUYevI.woff2
fonts.gstatic.com/s/nunito/v9/ 19 KB
19 KB 21ms
9ms Font
font/woff2 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v9/XRXW3I6Li01BKofAjsOUYevI.woff2

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/themes/k7security/style.css?ver=5.8.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65affc2090809c430437d54d5d413fb1e803e5cfb42e80a14318839abf604be5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.k7computing.com/
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 23:25:36 GMT
x-content-type-options: nosniff
age: 585538
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19748
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:06:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 23:25:36 GMT

GET
H3 200 fontawesome-webfont.woff2
netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/ 55 KB
56 KB 197ms
187ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1110
cdn-cachedat: 06/19/2023 21:05:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 56780
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: "97493d3f11c0a3bd5cbd959f5d19b699"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: ab3efecd89657cbc267a08287f38e98a
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 8271a83c985d493b-SIN
cdn-requestpullsuccess: True

GET
H/1.1 200
OK fa-solid-900.woff2
labs.k7computing.com/wp-content/plugins/social-share-button/assets/global/webfonts/ 73 KB
73 KB 4ms
4ms Font
application/octet-stream 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.k7computing.com/wp-content/plugins/social-share-button/assets/global/webfonts/fa-solid-900.woff2
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/wp-content/plugins/social-share-button/assets/global/css/fontawesome-5.min.css?ver=5.8.8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2

Request headers

Referer: https://labs.k7computing.com/wp-content/plugins/social-share-button/assets/global/css/fontawesome-5.min.css?ver=5.8.8
Origin: https://labs.k7computing.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Fri, 17 Mar 2023 05:16:44 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "1226c-5f711aee7e9a0"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=84
Content-Length: 74348

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 249 KB
86 KB 17ms
17ms Script
application/javascript 2404:6800:4003:c1a::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ENJBCHMS18&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-151201792-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ad1d7acfc0994b85c23bd777c449f36b3f52217481ad3e40019e8f2c251f8b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87444
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 18:04:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 19ms
6ms Script
text/javascript 2404:6800:4003:c0f::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-151201792-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c0f::66 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 17:13:46 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3048
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 16 Nov 2023 19:13:46 GMT

GET
H/1.1 200
OK Figure1.png
labs.k7computing.com/wp-content/uploads/2023/01/ 108 KB
108 KB 6ms
5ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Figure1.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 392a151242c91f77903a87c154cc4b1746999f058ff65bbdca4aa16971d8e2cb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 04 Jan 2023 03:59:49 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "1af59-5f168373e0cee"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=83
Content-Length: 110425

GET
H/1.1 200
OK Figure2.png
labs.k7computing.com/wp-content/uploads/2023/01/ 18 KB
18 KB 4ms
3ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Figure2.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 2bf89602077094e33e2a1a0469adb4e698207172725f775e82df290c72f66d4c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 04 Jan 2023 04:00:38 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "4888-5f1683a27ca7c"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 18568

GET
H/1.1 200
OK Figure3.png
labs.k7computing.com/wp-content/uploads/2023/01/ 20 KB
20 KB 5ms
4ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Figure3.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 8527e7898d3db6116dcc4135019900ee8d7524b2c6a4661d9d496bdc6f3ca4aa

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 04 Jan 2023 04:01:26 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "4fbc-5f1683d0d4208"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 20412

GET
H/1.1 200
OK Figure4.png
labs.k7computing.com/wp-content/uploads/2023/01/ 70 KB
70 KB 8ms
7ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Figure4.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 40369d11179ee9607915ffbcd4bde73abb71ee0795e9288f75fa820c52609afa

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 04 Jan 2023 04:02:15 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "117f4-5f1683ff1907d"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 71668

GET
H/1.1 200
OK Figure5.png
labs.k7computing.com/wp-content/uploads/2023/01/ 34 KB
34 KB 8ms
8ms Image
image/png 172.104.56.202
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.k7computing.com/wp-content/uploads/2023/01/Figure5.png
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.104.56.202 Singapore, Singapore, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: li1636-202.members.linode.com
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 21b1aee508d9800c994b9eddaad8fa2ddb6bf5e92d7e9a4932380d6fc3a194df

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 18:04:34 GMT
Last-Modified: Wed, 04 Jan 2023 04:03:01 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "86ad-5f16842b68f05"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 34477

GET
H2 200 webengage-min-v-6.0.js Show response
ssl.widgets.webengage.com/js/ 311 KB
88 KB 40ms
13ms Script
application/javascript 2606:4700::6812:1c93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Requested by: Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26b18dfdffb2abf880a73e501fc722741f12187db786f31e0e96c33c74c5d759

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:34 GMT
via: 1.1 3faed3e1eaaa99404e46d74533c7bb48.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: HIT
x-amz-cf-pop: HKG62-C1
age: 1710
x-cache: Hit from cloudfront
last-modified: Tue, 14 Nov 2023 06:07:36 GMT
server: cloudflare
etag: W/"65530ea8-4dbb7"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8271a83d1fc3408b-SIN
x-amz-cf-id: XWiyiVPuqel7HlEqrQiZYVE6wHfhH_O7lr_2Ns2tBn3-tayneWelAg==
expires: Thu, 16 Nov 2023 21:36:04 GMT

GET
H2 200 storage-frame-1.18.htm Show response
aa13266b.webengage.co/ Frame F1E6 3 KB
2 KB 36ms
4ms Document
text/html 2600:9000:2003:8a00:8:cf94:88c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aa13266b.webengage.co/storage-frame-1.18.htm?cdn=y&cbf=webengage-engagement-callback-frame&lc=aa13266b
Requested by: Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2003:8a00:8:cf94:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 16c8ad014e255e48470f6856e3ac20f6050865f72e971417501057d4aeaddd98

Request headers

Referer: https://labs.k7computing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

access-control-allow-origin: *
age: 3073
cache-control: max-age=14400
content-encoding: gzip
content-type: text/html
date: Thu, 16 Nov 2023 17:13:21 GMT
etag: W/"60b76f62-d60"
expires: Thu, 16 Nov 2023 21:13:21 GMT
last-modified: Wed, 02 Jun 2021 11:45:38 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 f5171077d7910626ec3cf65e0c222f3c.cloudfront.net (CloudFront)
x-amz-cf-id: wuDDqwuwLUVTfR2nAFJ1GE6-WH2_tfkW79vwwi7Ta2299A3wLkQNJA==
x-amz-cf-pop: SIN2-C1
x-cache: Hit from cloudfront

POST
H2 204 collect
analytics.google.com/g/ 0
258 B 23ms
4ms Ping
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-ENJBCHMS18&gtm=45je3b81v9136790193&_p=1700157874583&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=374002337.1700157875&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1700157874&sct=1&seg=0&dl=https%3A%2F%2Flabs.k7computing.com%2Findex.php%2Fpupy-rat-hiding-under-werfaults-cover%2F&dt=Pupy%20RAT%20hiding%20under%20WerFault%E2%80%99s%20cover%20-%20K7%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1948
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ENJBCHMS18&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 18:04:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.k7computing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 16ms
5ms Ping
text/plain 2404:6800:4003:c1c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ENJBCHMS18&cid=374002337.1700157875&gtm=45je3b81v9136790193&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ENJBCHMS18&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c1c::9d Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 18:04:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.k7computing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.sg/ads/ 42 B
409 B 19ms
8ms Image
image/gif 2404:6800:4003:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ENJBCHMS18&cid=374002337.1700157875&gtm=45je3b81v9136790193&aip=1&dma=0&gcd=11l1l1l1l1&z=191362802

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c06::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 18:04:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
211 B 5ms
4ms XHR
text/plain 2404:6800:4003:c0f::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=85670492&t=pageview&_s=1&dl=https%3A%2F%2Flabs.k7computing.com%2Findex.php%2Fpupy-rat-hiding-under-werfaults-cover%2F&ul=en-us&de=UTF-8&dt=Pupy%20RAT%20hiding%20under%20WerFault%E2%80%99s%20cover%20-%20K7%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1522837752&gjid=649881586&cid=374002337.1700157875&tid=UA-151201792-1&_gid=764334784.1700157875&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma=0&jsscut=1&z=1840178944

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c0f::66 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.k7computing.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 18:04:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.k7computing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
156 B 5ms
4ms XHR
text/plain 2404:6800:4003:c1c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-151201792-1&cid=374002337.1700157875&jid=1522837752&gjid=649881586&_gid=764334784.1700157875&_u=YADAAUAAAAAAACAAI~&z=1953826575

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::9d Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

17bd1c297a7fd1221272d080053f887bb97c03bfc16d6f96bdd7f08bf87dbbd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.k7computing.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 16 Nov 2023 18:04:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.k7computing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
409 B 19ms
9ms Image
image/gif 2404:6800:4003:c1c::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-151201792-1&cid=374002337.1700157875&jid=1522837752&_u=YADAAUAAAAAAACAAI~&z=1097794343

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::93 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 18:04:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.sg/ads/ 42 B
108 B 8ms
7ms Image
image/gif 2404:6800:4003:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-151201792-1&cid=374002337.1700157875&jid=1522837752&_u=YADAAUAAAAAAACAAI~&z=1097794343

Requested by

Host: labs.k7computing.com
URL: https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c06::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 18:04:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v4.js Show response
wsdk-files.webengage.com/webengage/aa13266b/ Frame F1E6 5 KB
2 KB 1033ms
1026ms Script
application/x-javascript 2606:4700::6812:1c93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdk-files.webengage.com/webengage/aa13266b/v4.js
Requested by: Host: aa13266b.webengage.co
URL: https://aa13266b.webengage.co/storage-frame-1.18.htm?cdn=y&cbf=webengage-engagement-callback-frame&lc=aa13266b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ff70fb7aa3340db427f011646f56c67a4a05a044d9023dc1e83fb20f1db2817

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aa13266b.webengage.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:36 GMT
content-encoding: gzip
via: 1.1 1c20fd4ecd6ab2f80432e8e32dafb792.cloudfront.net (CloudFront)
x-amz-version-id: WdG8QYdMq_7Lcu4ZFhEPZjWxMVdDAnHI
cf-cache-status: REVALIDATED
x-amz-cf-pop: SIN52-P1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
content-length: 1487
last-modified: Wed, 08 Nov 2023 20:31:17 GMT
server: cloudflare
etag: "3419745b88d924fbd29be7eb420354af"
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
cache-control: public, max-age=60, must-revalidate
accept-ranges: bytes
cf-ray: 8271a83ee962408b-SIN
x-amz-cf-id: 8fyAlgVDL2piBQf2yvDJYT4H_G_yUgWttjzZ1mSfRM88uz_fH2iPlw==

GET
H2 200 upf.js Show response
c.webengage.com/ 631 B
1 KB 756ms
250ms Script
application/javascript 72.44.42.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://c.webengage.com/upf.js?lp=https%3A%2F%2Flabs.k7computing.com%2Findex.php%2Fpupy-rat-hiding-under-werfaults-cover%2F&rf=&geo=y&jsonp=_we_jsonp_global_cb_1700157876061

Requested by

Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

72.44.42.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-72-44-42-191.compute-1.amazonaws.com

Software

Resource Hash

ddf1493eefc3e86e63655835b3274f9db441bd50f65ab1c15f94bd4949c2e2c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-length: 631
x-xss-protection: 1; mode=block
pragma: no-cache
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-allow-headers: X-Requested-With,content-type
expires: 0

GET
H2 200 3k9e6g8.js Show response
wsdk-files.webengage.com/webengage/aa13266b/ 2 KB
954 B 30ms
30ms Script
application/x-javascript 2606:4700::6812:1c93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdk-files.webengage.com/webengage/aa13266b/3k9e6g8.js?r=1542094780000
Requested by: Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0af25132cf0d8d149724771051caa8d020d70892a8bcf6a60199afcd3ff93f52

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://labs.k7computing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 18:04:36 GMT
content-encoding: gzip
via: 1.1 a372f2a2c858a55a472ec9d3d1c6b816.cloudfront.net (CloudFront)
x-amz-version-id: null
cf-cache-status: MISS
x-amz-cf-pop: SIN52-C2
x-cache: Hit from cloudfront
content-length: 696
last-modified: Tue, 13 Nov 2018 13:09:41 GMT
server: cloudflare
etag: "2f448c6334e2cf4b7b1a7f0f1bc17260"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 8271a84a2c54408b-SIN
x-amz-cf-id: 3PDYyttcIChoen2UAtjGuuLgzFXbiw6HXz01o-1W1Zf_gED9557NXQ==

POST
H2 200 l4.jpg
c.webengage.com/ 43 B
399 B 250ms
250ms Ping
image/gif 72.44.42.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://c.webengage.com/l4.jpg

Requested by

Host: ssl.widgets.webengage.com
URL: https://ssl.widgets.webengage.com/js/webengage-min-v-6.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

72.44.42.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-72-44-42-191.compute-1.amazonaws.com

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.k7computing.com/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 16 Nov 2023 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-download-options: noopen
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,content-type
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.k7computing.com/	1970-01-21 01:51:57	Name: _ga_ENJBCHMS18 Value: GS1.1.1700157874.1.0.1700157874.60.0.0
.k7computing.com/	1970-01-21 01:51:57	Name: _ga Value: GA1.2.374002337.1700157875
.k7computing.com/	1970-01-20 16:17:24	Name: _gid Value: GA1.2.764334784.1700157875
.k7computing.com/	1970-01-20 16:15:57	Name: _gat_gtag_UA_151201792_1 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa13266b.webengage.co
analytics.google.com
c.webengage.com
cdn.datatables.net
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
labs.k7computing.com
netdna.bootstrapcdn.com
ssl.widgets.webengage.com
stats.g.doubleclick.net
wsdk-files.webengage.com
www.google-analytics.com
www.google.com
www.google.com.sg
www.googletagmanager.com
172.104.56.202
2001:4860:4802:34::181
2404:6800:4003:c01::5f
2404:6800:4003:c06::5e
2404:6800:4003:c0f::66
2404:6800:4003:c1a::5e
2404:6800:4003:c1a::61
2404:6800:4003:c1c::93
2404:6800:4003:c1c::9d
2600:9000:2003:8a00:8:cf94:88c0:93a1
2606:4700:10::6816:325d
2606:4700::6812:1c93
2606:4700::6812:acf
2a04:4e42::649
72.44.42.191
030c093b9400829c094b726288cdbcaea6793f15b59780040311ca57b163ecd7
0420bbe7ccf39972cf0d8840155a57ba498afad2bcca98f0834ef2d80d646bed
0904e1a75f5118bc15dd59c1a82194731cecdaddae7d10a5523c0456066bbbe4
0af25132cf0d8d149724771051caa8d020d70892a8bcf6a60199afcd3ff93f52
0f5b5b27c5e9a2ec48a5c7f83927d49fe8d2845dd32a9d6676114724c05ab3da
16c8ad014e255e48470f6856e3ac20f6050865f72e971417501057d4aeaddd98
17bd1c297a7fd1221272d080053f887bb97c03bfc16d6f96bdd7f08bf87dbbd5
1ad1d7acfc0994b85c23bd777c449f36b3f52217481ad3e40019e8f2c251f8b1
21b1aee508d9800c994b9eddaad8fa2ddb6bf5e92d7e9a4932380d6fc3a194df
26b18dfdffb2abf880a73e501fc722741f12187db786f31e0e96c33c74c5d759
2bf89602077094e33e2a1a0469adb4e698207172725f775e82df290c72f66d4c
2ec1d2032daf47da420abf0f0e67ab2654648aabdda55e89e6da392b6158c382
2ff70fb7aa3340db427f011646f56c67a4a05a044d9023dc1e83fb20f1db2817
30d34ec0cc697b071d3a96bdc0e8d8c985da2070c340b4fa947eebfebc8e9594
316ed91f4a89cc5df8310da8bea2dca87a9891df9ed8b59ae7800d4440207d17
32cd24ea122ca0c0cf39fc344dada48ba06ecba5bb733563c2af57579f9992e6
340277869a89746ff06a46d7a773d8b87708a32da1669635ddafec18aaea1ed3
392a151242c91f77903a87c154cc4b1746999f058ff65bbdca4aa16971d8e2cb
3e43d592d0aa592f24ad510ef3f453a51bba24a9534a07a55a9685b4d4b3f2cb
40369d11179ee9607915ffbcd4bde73abb71ee0795e9288f75fa820c52609afa
465b1668887471f44db3ba92ce5028fc000bd5ab4ed7e32b164ab81c172c33b5
4adc581731385cb8a760566d8f8a6f004989325a1574d46a335ffcb7e0931e2f
4e0de8e05abf4df68de7e9433c3003367a4570ef279d8c3c2c9de78545dfcf9e
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
543714c91ccb2334b7a55050649f0d5690ec45b548fe3dcf51fd8bed61798ab4
55e2d079ffefd94a06d895269a9aa51c25331c0bfc7e7541a6b903402fea588f
618d62ceaca1223e16de2c8939a1963a95c34b0ac75852f835f93e5b42f20871
628b726ea1355ff18a46fe4123d12bd685df1c559389e5c156d4d3686fb6774c
63a4fc5c8be608dda743ef429579e70c4d2f63e826f9a669ee0b7481a5a6088a
65affc2090809c430437d54d5d413fb1e803e5cfb42e80a14318839abf604be5
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6908560be100bd8571559b8f6a6010fabaffe65197769df075f80c493614b4aa
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd
6b172a8b7556bb06b638d9680458038bb86a3034a9134559d2458d88eb97357c
6f361479c4c0dcc4d25a12b11c00433997eb6524e8828969e8c566c58a34b6a8
8527e7898d3db6116dcc4135019900ee8d7524b2c6a4661d9d496bdc6f3ca4aa
865292a6ccb6e3a91f40fc1a3827ab96315fc36c3ee53cc5a2ca684d256b7b30
96c54f392e93fdbe96d44b810423cd458ae254520f6546b5f42703bb020eeb65
96cf7868ea942c789ea8c2f728992116800ee02cd3259e52ce3854c725ddd18b
9b64af17935159b99b0d25c43790547477cb859531dad4acbf28788143543620
9f266703b40b04b279432112f20fc52488493407f28bd6b0f6ed550c5ad243b4
a9a593700f199e327e1dc0ab745e30d99659e7f0dafa63de7bea0fe0b3ae10fb
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ab3dc0045616cf94a5a6cbc3f39499e93716a40b072dd02d01f8e028aa6e5030
aee4bc8bf9fcc6c4189eb0cb70862d67c02fddc7cbdda348b3acc92dd16886f7
b0089bce367c4a2cb11f1331937ffaf60a173750355d896eb038d43c5e6ff10c
b097fc537417d8d61ff97190359ed4290ce5ce5fd0b59884ab2af1f0a30353a4
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b76c5d79c454c6fd45687f9813b352a29509bba8860e37784cabe7f3e10b70cb
b796504d9b1b422f0dc6ccc2d740ac78a8c9e5078cc3934836d39742b1121925
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c8389c6bf147c2c920c5063c08e2d895c8846cb34c50eb95b4db33bc2d4ec52b
d6c3f4d02b23415a47a6b76ea46d842742d00950dfea69b14be58c0d49bef917
d7903a717a8b1125ad31ef9a2dcae8d7af8c7806eb3e7d608639e382c854a5e0
ddf1493eefc3e86e63655835b3274f9db441bd50f65ab1c15f94bd4949c2e2c3
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed36e2939292383b8688e2c83857e13f8ee9e542ba875c33c3c085488fd32a17
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f68d37d474952b1fbe30def1b69e63e79c46a70263433285783b69ac0107b929
f6af0bc7a108f87a05981a9ae50a218c2aee3a296ca5e85ec8bc1d5aab65ee82
f9db1b06a7cfcabc0a842a496f6af2ab20c2e9aa6482210313b3c1588f4a066a
fd1c45b8b1cd955550af27b4f9c79a47cfce0536568d9ab86d2a410724a81acb
fd70087414a7e4c7ef31d20590f05c713a88264fcfdbaf7aba3ffd06da8c3b11

labs.k7computing.com Open in urlscan Pro 172.104.56.202 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

69 Requests

100 %HTTPS

87 %IPv6

13 Domains

16 Subdomains

15 IPs

2 Countries

4635 kBTransfer

7440 kBSize

4 Cookies

62 Outgoing links

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.k7computing.com Open in urlscan Pro
172.104.56.202 Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

100 %
HTTPS

87 %
IPv6

13
Domains

16
Subdomains

15
IPs

2
Countries

4635 kB
Transfer

7440 kB
Size

4
Cookies

69 HTTP transactions
0 data transactions