blog.netlab.360.com Open in urlscan Pro
36.110.234.55 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Submission: On June 30 via api (June 30th 2021, 7:41:59 pm UTC) from US

Summary HTTP 76 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 16 domains to perform 76 HTTP transactions. The main IP is 36.110.234.55, located in Nangangwa, China and belongs to CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN. The main domain is blog.netlab.360.com.
TLS certificate: Issued by WoTrus DV Server CA [Run by the Issuer] on January 26th 2021. Valid for: a year.

This is the only time blog.netlab.360.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	36.110.234.55 36.110.234.55	23724 (CHINANET-...) (CHINANET-IDC-BJ-AP IDC)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
13	2600:9000:210... 2600:9000:2104:600:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
3	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:a00d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::200d	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	151.101.112.64 151.101.112.64	54113 (FASTLY) (FASTLY)
2 3	65.9.77.70 65.9.77.70	16509 (AMAZON-02) (AMAZON-02)
5 8	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3 3	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1 2	52.212.225.58 52.212.225.58	16509 (AMAZON-02) (AMAZON-02)
3 3	185.33.221.11 185.33.221.11	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
76	18

31 36.110.234.55 (Nangangwa, China)

ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN)

blog.netlab.360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

blog-netlab-360.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:2104:600:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a00d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.112.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

glitter.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.77.70 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.244.174.68 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

ejp.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.225.58 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-225-58.eu-west-1.compute.amazonaws.com

io.narrative.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.11 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	360.com blog.netlab.360.com	819 KB
16	disquscdn.com c.disquscdn.com a.disquscdn.com	548 KB
11	disqus.com blog-netlab-360.disqus.com disqus.com glitter.services.disqus.com referrer.disqus.com links.services.disqus.com	60 KB
8	rlcdn.com 5 redirects ejp.rlcdn.com idsync.rlcdn.com	3 KB
4	google.com apis.google.com accounts.google.com	40 KB
3	adnxs.com 3 redirects ib.adnxs.com	3 KB
3	doubleclick.net 3 redirects cm.g.doubleclick.net	783 B
3	rezync.com 2 redirects live.rezync.com	2 KB
2	rfihub.com 2 redirects p.rfihub.com	2 KB
2	narrative.io 1 redirects io.narrative.io	776 B
2	viglink.com cdn.viglink.com	600 B
2	facebook.net connect.facebook.net	76 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	gstatic.com ssl.gstatic.com	40 KB
1	facebook.com www.facebook.com
1	jquery.com code.jquery.com	30 KB
76	16

	Domain	Requested by
31	blog.netlab.360.com	blog.netlab.360.com
13	c.disquscdn.com	blog-netlab-360.disqus.com disqus.com c.disquscdn.com
6	idsync.rlcdn.com	3 redirects c.disquscdn.com live.rezync.com
4	links.services.disqus.com	c.disquscdn.com blog.netlab.360.com
4	disqus.com	blog-netlab-360.disqus.com c.disquscdn.com
3	ib.adnxs.com	3 redirects
3	cm.g.doubleclick.net	3 redirects
3	live.rezync.com	2 redirects c.disquscdn.com
3	a.disquscdn.com	blog.netlab.360.com c.disquscdn.com
2	p.rfihub.com	2 redirects
2	io.narrative.io	1 redirects blog.netlab.360.com
2	ejp.rlcdn.com	2 redirects
2	accounts.google.com	apis.google.com ssl.gstatic.com
2	cdn.viglink.com	blog.netlab.360.com
2	apis.google.com	c.disquscdn.com apis.google.com
2	connect.facebook.net	c.disquscdn.com connect.facebook.net
2	www.google-analytics.com	blog.netlab.360.com www.google-analytics.com
1	referrer.disqus.com	blog.netlab.360.com
1	glitter.services.disqus.com	c.disquscdn.com
1	ssl.gstatic.com	accounts.google.com
1	www.facebook.com	c.disquscdn.com
1	blog-netlab-360.disqus.com	blog.netlab.360.com
1	code.jquery.com	blog.netlab.360.com
76	23

This site contains links to these domains. Also see Links.

Domain
twitter.com
feedly.com
pastebin.com
github.com
d.heheda.tk
img0.cloudappconfig.com
api.github.com
img1.cloudappconfig.com
img2.cloudappconfig.com
www.liuxiaobei.com
helegedada.github.io
198.204.231.250
dd.heheda.tk
dd.cloudappconfig.com
d.cloudappconfig.com
c.cloudappconfig.com
f.cloudappconfig.com
t.cloudappconfig.com
v.cloudappconfig.com
www.facebook.com
ghost.org

Subject Issuer	Validity	Valid
*.netlab.360.com WoTrus DV Server CA [Run by the Issuer]	`2021-01-26` - `2022-01-26`	a year	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
a.disquscdn.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
ssl418259.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-04-06` - `2021-10-13`	6 months	crt.sh
accounts.google.com GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-26` - `2022-05-28`	a year	crt.sh
*.rezync.com Amazon	`2021-01-26` - `2022-02-23`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.narrative.io Amazon	`2021-04-07` - `2022-05-06`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Frame ID: 92F087F03A8411B2EEC093928B5AE6EB
Requests: 46 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
Frame ID: 0E98BAAAC3FAE2F3D3B76A084DA805C9
Requests: 24 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 2C53451FC46699AD0C953F3FEC1A7459
Requests: 3 HTTP requests in this frame

Frame: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c4m0snh3mftqb&pctry=CH&referrer=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
Frame ID: 17BB480A864E913D7FE0E7C898112E41
Requests: 3 HTTP requests in this frame

Frame: https://idsync.rlcdn.com/362358.gif?google_gid=CAESELgvyHUOmIemMHhV-XbO1XM&google_cver=1
Frame ID: 3D74F861140379938B5B49C450088F67
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ghost (Blogs) Expand

Overall confidence: 100%
Detected patterns

meta generator /Ghost(?:\s([\d.]+))?/i

Node.js (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /Ghost(?:\s([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

76
Requests

100 %
HTTPS

45 %
IPv6

16
Domains

23
Subdomains

18
IPs

5
Countries

1634 kB
Transfer

2612 kB
Size

4
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/360Netlab
Title:

Search URL Search Domain Scan URL

URL: https://feedly.com/i/subscription/feed/https://blog.netlab.360.com/rss/
Title:

Search URL Search Domain Scan URL

URL: http://pastebin.com/
Title: Pastebin.com

Search URL Search Domain Scan URL

URL: http://github.com/
Title: GitHub.com

Search URL Search Domain Scan URL

URL: https://d.heheda.tk/%s.png
Title: https://d.heheda.tk/%s.png

Search URL Search Domain Scan URL

URL: https://img0.cloudappconfig.com/%s.png
Title: https://img0.cloudappconfig.com/%s.png

Search URL Search Domain Scan URL

URL: https://api.github.com/repos/helegedada/heihei
Title: https://api.github.com/repos/helegedada/heihei

Search URL Search Domain Scan URL

URL: https://img1.cloudappconfig.com/%s.png
Title: https://img1.cloudappconfig.com/%s.png

Search URL Search Domain Scan URL

URL: https://pastebin.com/raw/vSDzq3Md
Title: https://pastebin.com/raw/vSDzq3Md

Search URL Search Domain Scan URL

URL: https://img2.cloudappconfig.com/%s.png
Title: https://img2.cloudappconfig.com/%s.png

Search URL Search Domain Scan URL

URL: http://www.liuxiaobei.com/
Title: www.liuxiaobei.com

Search URL Search Domain Scan URL

URL: https://github.com/viruscamp/luadec
Title: 1]

Search URL Search Domain Scan URL

URL: https://helegedada.github.io/test/test
Title: https://helegedada.github.io/test/test

Search URL Search Domain Scan URL

URL: http://198.204.231.250/linux-x64
Title: http://198.204.231.250/linux-x64

Search URL Search Domain Scan URL

URL: http://198.204.231.250/linux-x86
Title: http://198.204.231.250/linux-x86

Search URL Search Domain Scan URL

URL: https://dd.heheda.tk/i.jpg
Title: https://dd.heheda.tk/i.jpg

Search URL Search Domain Scan URL

URL: https://dd.heheda.tk/i.sh
Title: https://dd.heheda.tk/i.sh

Search URL Search Domain Scan URL

URL: https://dd.heheda.tk/x86_64-static-linux-uclibc.jpg
Title: https://dd.heheda.tk/x86_64-static-linux-uclibc.jpg

Search URL Search Domain Scan URL

URL: https://dd.heheda.tk/i686-static-linux-uclibc.jpg
Title: https://dd.heheda.tk/i686-static-linux-uclibc.jpg

Search URL Search Domain Scan URL

URL: https://dd.cloudappconfig.com/i.jpg
Title: https://dd.cloudappconfig.com/i.jpg

Search URL Search Domain Scan URL

URL: https://dd.cloudappconfig.com/i.sh
Title: https://dd.cloudappconfig.com/i.sh

Search URL Search Domain Scan URL

URL: https://dd.cloudappconfig.com/x86_64-static-linux-uclibc.jpg
Title: https://dd.cloudappconfig.com/x86_64-static-linux-uclibc.jpg

Search URL Search Domain Scan URL

URL: https://dd.cloudappconfig.com/arm-static-linux-uclibcgnueabi.jpg
Title: https://dd.cloudappconfig.com/arm-static-linux-uclibcgnueabi.jpg

Search URL Search Domain Scan URL

URL: https://dd.cloudappconfig.com/i686-static-linux-uclibc.jpg
Title: https://dd.cloudappconfig.com/i686-static-linux-uclibc.jpg

Search URL Search Domain Scan URL

URL: http://d.cloudappconfig.com/i686-w64-mingw32/Satan.exe
Title: http://d.cloudappconfig.com/i686-w64-mingw32/Satan.exe

Search URL Search Domain Scan URL

URL: http://d.cloudappconfig.com/x86_64-static-linux-uclibc/Satan
Title: http://d.cloudappconfig.com/x86_64-static-linux-uclibc/Satan

Search URL Search Domain Scan URL

URL: http://d.cloudappconfig.com/i686-static-linux-uclibc/Satan
Title: http://d.cloudappconfig.com/i686-static-linux-uclibc/Satan

Search URL Search Domain Scan URL

URL: http://d.cloudappconfig.com/arm-static-linux-uclibcgnueabi/Satan
Title: http://d.cloudappconfig.com/arm-static-linux-uclibcgnueabi/Satan

Search URL Search Domain Scan URL

URL: https://d.cloudappconfig.com/mipsel-static-linux-uclibc/Satan
Title: https://d.cloudappconfig.com/mipsel-static-linux-uclibc/Satan

Search URL Search Domain Scan URL

URL: http://d.cloudappconfig.com/
Title: d.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://dd.cloudappconfig.com/
Title: dd.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://c.cloudappconfig.com/
Title: c.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://f.cloudappconfig.com/
Title: f.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://t.cloudappconfig.com/
Title: t.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://v.cloudappconfig.com/
Title: v.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://img0.cloudappconfig.com/
Title: img0.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://img1.cloudappconfig.com/
Title: img1.cloudappconfig.com

Search URL Search Domain Scan URL

URL: http://img2.cloudappconfig.com/
Title: img2.cloudappconfig.com

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=An%20Analysis%20of%20Godlua%20Backdoor&url=https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Title:

Search URL Search Domain Scan URL

URL: https://ghost.org/
Title: Ghost

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://ejp.rlcdn.com/501709.html HTTP 307
https://ejp.rlcdn.com/1000.gif?memo=CM3PHhoNCPaR84YGEgUI6AcQAEIASgA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESELgvyHUOmIemMHhV-XbO1XM&google_cver=1

Request Chain 69

https://io.narrative.io/?companyId=19&id=disqus_id%3Ac4m0snh3mftqb&ret=img&ref=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=3223bc01-d9db-11eb-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac4m0snh3mftqb&ret=img&ref=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F

Request Chain 74

https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID HTTP 302
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=1611672620408573533 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=9aa8618a-d942-4c05-a4ef-a027a24819e0%3A1625082103.3&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D9aa8618a-d942-4c05-a4ef-a027a24819e0%253A1625082103.3 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=9aa8618a-d942-4c05-a4ef-a027a24819e0%3A1625082103.3 HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=1611672620408573533

Request Chain 75

https://p.rfihub.com/cm?pub=39342&in=1&userid=a6f336b9-aa3a-4b44-8c2b-5526c8ba1145%3A1625082102.72&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab1986e4ee8c5c88c54c%26pid%3D%7Buserid%7D HTTP 302
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=1871878971255493542 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=7f073854-8ecc-4e1c-8121-0692624cf377%3A1625082103.27 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CM3PHhI8CjgIARAFGjI3ZjA3Mzg1NC04ZWNjLTRlMWMtODEyMS0wNjkyNjI0Y2YzNzc6MTYyNTA4MjEwMy4yNxAAGg0I95HzhgYSBQjoBxAAQgBKAA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm=&google_tc= HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEMU85ZZykxeyuTrc8uIPkgE&google_cver=1

76 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/ 42 KB
12 KB 1079ms
274ms Document
text/html 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

7b55b2d33ffd66704abd223876066dc12a016f8133027f9e40778eba05c3cdcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: blog.netlab.360.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx/1.9.15
Date: Wed, 30 Jun 2021 19:41:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Cache-Control: public, max-age=0
ETag: W/"a8ea-br3GRjIWOjxbCetNugsPHgNVNAE"
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK screen.css
blog.netlab.360.com/assets/built/ 35 KB
8 KB 373ms
372ms Stylesheet
text/css 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.netlab.360.com/assets/built/screen.css?v=db215a41fd

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

d821f29d80bfc3257dd3bf5dbf1874ccaa53d82fca4bdc8a511b9f3efc8560c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:40 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 15 Feb 2019 10:23:47 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"8a18-168f0af010f"
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/css; charset=UTF-8
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

GET
H/1.1 200
OK ghost-sdk.min.js Show response
blog.netlab.360.com/public/ 755 B
1 KB 535ms
179ms Script
application/javascript 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.netlab.360.com/public/ghost-sdk.min.js?v=db215a41fd

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

325eb6e77112f8b1dd52ab8f04cc03f5168de5acac9d2a586dc48902a26bc151

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:40 GMT
ETag: "00d80f04e37de537a53adfbb0977af50"
Server: nginx/1.9.15
X-Powered-By: Express
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 755

GET
H/1.1 200
OK netlab-brand-5.png
blog.netlab.360.com/content/images/2019/02/ 21 KB
21 KB 437ms
437ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/02/netlab-brand-5.png

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

d47ffdd0ca768158458845a42c746c6058867c5ce02cdb01c1858bb29aedc630

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Thu, 21 Feb 2019 10:23:06 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"5286-1690f94873b"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21126

GET
H/1.1 200
OK brief.PNG
blog.netlab.360.com/content/images/2019/06/ 158 KB
159 KB 607ms
349ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/brief.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

c9769b954f61ca82969ce24deed8a8c04df5c57801f22e30b1b041a70af0a118

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:19 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"2790e-16b9d3c3fd4"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 162062

GET
H/1.1 200
OK v1.PNG
blog.netlab.360.com/content/images/2019/06/ 38 KB
38 KB 650ms
319ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/v1.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

2ed8987e06bf1169237e0b06dc8a648ca8538df61d393e43cb587b5cb6bd911b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:40:10 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"96f1-16b9d3deeeb"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38641

GET
H/1.1 200
OK 1-1.PNG
blog.netlab.360.com/content/images/2019/06/ 12 KB
13 KB 518ms
186ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/1-1.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

c42709a4fdc84df15841ccad9b9ff83c1e82c5d369d20a3c813462c79947ca2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:37:20 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"30d3-16b9d3b56d0"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12499

GET
H/1.1 200
OK 2-4.PNG
blog.netlab.360.com/content/images/2019/06/ 49 KB
50 KB 679ms
343ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/2-4.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

06f84cad67ea4dd9fea18e75f31e7dba749ac5c440a91539e0f7000aa5a4d287

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:37:26 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"c54f-16b9d3b6d84"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50511

GET
H/1.1 200
OK 3-3.PNG
blog.netlab.360.com/content/images/2019/06/ 25 KB
25 KB 484ms
389ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/3-3.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

838bfc5e183926cd12db869e43d8036612a340f381977099b7842582b61494c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:37:30 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"638e-16b9d3b7d48"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25486

GET
H/1.1 200
OK 4-3.PNG
blog.netlab.360.com/content/images/2019/06/ 27 KB
27 KB 362ms
361ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/4-3.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

04a0f2e41d93e68977374991f4d3ef39fe32ad77816ff407c25b293fa244954c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:37:40 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"6a06-16b9d3ba484"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27142

GET
H/1.1 200
OK 5-2.PNG
blog.netlab.360.com/content/images/2019/06/ 12 KB
12 KB 205ms
205ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/5-2.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

3a8b8c3ebb29d732e157bb32899af49dc0054bbb3cdc94d02cfa6dc4d1887e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:37:44 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"2e33-16b9d3bb3c7"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11827

GET
H/1.1 200
OK godlua.PNG
blog.netlab.360.com/content/images/2019/06/ 70 KB
70 KB 386ms
386ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/godlua.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

0a8b7497d98fc2fcc957cbb708b3af0191c82824a58be25bb708e318496e7e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:40 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"11651-16b9d3d7908"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 71249

GET
H/1.1 200
OK 8-2.PNG
blog.netlab.360.com/content/images/2019/06/ 19 KB
20 KB 637ms
636ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/8-2.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

2d1d7dbab6c3f75a996cf03050670c7f58ea80977b84a42cee70378fc564b353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:00 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"4d63-16b9d3bf5c3"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19811

GET
H/1.1 200
OK 9.PNG
blog.netlab.360.com/content/images/2019/06/ 10 KB
10 KB 388ms
386ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/9.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

f6f52ade026c1153cf1410b95fb2fb479b350f28c2a34dd00483bed791c9f630

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:04 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"261d-16b9d3c0448"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9757

GET
H/1.1 200
OK a-2.PNG
blog.netlab.360.com/content/images/2019/06/ 4 KB
5 KB 351ms
350ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/a-2.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

44aa42d62e6ba393765b454438f1cd2df3574c705c95c6820e360389798cb1c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:08 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"1190-16b9d3c138a"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4496

GET
H/1.1 200
OK b-2.PNG
blog.netlab.360.com/content/images/2019/06/ 3 KB
4 KB 233ms
233ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/b-2.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

b04f779eeb70cf311580b4c5d794a61a07d67a491c69ee682842a462988e86ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:12 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"d61-16b9d3c23bb"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3425

GET
H/1.1 200
OK dnstxt.PNG
blog.netlab.360.com/content/images/2019/06/ 79 KB
79 KB 196ms
196ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/dnstxt.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

f1220d8583c31fe4a891081e27b0b6e822af1b3b6fda852971a140e0c7b77638

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:05 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"13b35-16b9d3cf3cf"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80693

GET
H/1.1 200
OK c-2.PNG
blog.netlab.360.com/content/images/2019/06/ 2 KB
2 KB 209ms
208ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/c-2.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

357ebefd042dd9c20c8f2873e92d79e0343dcd5515964f93b35be607465f86d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:24 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"744-16b9d3c5167"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1860

GET
H/1.1 200
OK d-2.PNG
blog.netlab.360.com/content/images/2019/06/ 2 KB
3 KB 184ms
183ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/d-2.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

7a382b84d5574ce96d22172c424b433c69d1f87058c7642830c484413575faa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:38:29 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"8a8-16b9d3c6607"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2216

GET
H/1.1 200
OK e.PNG
blog.netlab.360.com/content/images/2019/06/ 66 KB
67 KB 342ms
341ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/e.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

b45bea269de2ea974a2790ccd4ce83a0c41ac6e0691e43b5de906ea05ff4a53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:12 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"1089d-16b9d3d0bed"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 67741

GET
H/1.1 200
OK f.PNG
blog.netlab.360.com/content/images/2019/06/ 8 KB
9 KB 171ms
170ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/f.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

931836f56a6436b0a6a5451f9d3e2398c9e9c02bed29bad32a1e778d0a836b85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:16 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"216e-16b9d3d1e1c"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8558

GET
H/1.1 200
OK g.PNG
blog.netlab.360.com/content/images/2019/06/ 6 KB
7 KB 200ms
200ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/g.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

01c7358f0bfd0fada6b654b32e85556189b88e79f603c78c8ef90a17f68254da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:20 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"1977-16b9d3d2e8a"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6519

GET
H/1.1 200
OK h.PNG
blog.netlab.360.com/content/images/2019/06/ 43 KB
43 KB 189ms
189ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/h.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

9e0582bda8b93d5d8d3a29f2f7b43d22a7d8704680008af7338717b57e97ac2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:46 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"aa05-16b9d3d92b9"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43525

GET
H/1.1 200
OK j.PNG
blog.netlab.360.com/content/images/2019/06/ 39 KB
39 KB 220ms
220ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/j.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

c0ba535ea561acbf5496d840afc0b7125afc35057772960a65cb92cf0780c64e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:39:55 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"9a62-16b9d3db6df"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 39522

GET
H/1.1 200
OK k.PNG
blog.netlab.360.com/content/images/2019/06/ 13 KB
13 KB 176ms
175ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/k.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

d63e21d6bdb52d5aeff046c8c8877080e1398dfc52a6a9b7553003562bdb7ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:40:00 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"3226-16b9d3dc739"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12838

GET
H/1.1 200
OK l.PNG
blog.netlab.360.com/content/images/2019/06/ 36 KB
37 KB 176ms
176ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/2019/06/l.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

ee984a2bb8fb040df101003833f076f0d0bc985cf8fc1cfd7994049360b6cb10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Fri, 28 Jun 2019 08:40:04 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"90cf-16b9d3dd9ed"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37071

GET
H/1.1 200
OK turing.PNG
blog.netlab.360.com/content/images/size/w100/2019/06/ 19 KB
20 KB 170ms
169ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/size/w100/2019/06/turing.PNG

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

d29114fa21b4015dc83aca8357cdfe6220cb1168dc0978ceb1138cfae32df1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Cookie: _ga=GA1.2.848911724.1625082101; _gid=GA1.2.726306064.1625082101; _gat=1
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Last-Modified: Sat, 29 Jun 2019 07:34:41 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"4d85-16ba2285994"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19845

GET
H/1.1 200
OK 1662072805.jpg
blog.netlab.360.com/content/images/size/w100/2017/10/ 2 KB
2 KB 167ms
166ms Image
image/jpeg 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/size/w100/2017/10/1662072805.jpg

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

bdf0772071c7e0d8b5a284152be10569e2f3ee6a77488b9d0494cefbbfee568d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:43 GMT
Last-Modified: Fri, 15 Feb 2019 05:20:56 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"6c4-168ef99bd9c"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1732

GET
H/1.1 200
OK netlab_xs-2.png
blog.netlab.360.com/content/images/size/w30/2019/02/ 2 KB
2 KB 182ms
179ms Image
image/png 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/size/w30/2019/02/netlab_xs-2.png

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

4b5a3702b2a13d962a0998ce7b341e19198e5b9278bf67f9ec3db979ee942e86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Last-Modified: Thu, 21 Feb 2019 10:21:51 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"825-1690f93643e"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2085

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 22ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Origin: https://blog.netlab.360.com
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:40 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2017 19:01:15 GMT
server: nginx
etag: W/"58d026fb-15283"
vary: Accept-Encoding
x-hw: 1625082100.dop010.fr8.t,1625082100.cds264.fr8.hc,1625082100.cds133.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125

GET
H/1.1 200
OK jquery.fitvids.js Show response
blog.netlab.360.com/assets/built/ 2 KB
1 KB 393ms
392ms Script
application/javascript 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.netlab.360.com/assets/built/jquery.fitvids.js?v=db215a41fd

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

1b560f221a3ee06277331e405b956b384d5ef7830a643b4e0c257189b7adf887

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 15 Feb 2019 10:23:47 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"778-168f0af010f"
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 92
date: Wed, 30 Jun 2021 19:40:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Wed, 30 Jun 2021 21:40:08 GMT

GET
H/1.1 200
OK embed.js Show response
blog-netlab-360.disqus.com/ 75 KB
25 KB 257ms
207ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://blog-netlab-360.disqus.com/embed.js

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

d463238419ab14bc6b12b2303d18543d336a11b64deb32c70b7b5fbfe453b317

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24718

GET
H/1.1 200
OK astronomy-constellation-dark-998641-4.jpg
blog.netlab.360.com/content/images/size/w600/2019/02/ 22 KB
23 KB 183ms
183ms Image
image/jpeg 36.110.234.55
CHINANET-IDC-BJ-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.netlab.360.com/content/images/size/w600/2019/02/astronomy-constellation-dark-998641-4.jpg

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

36.110.234.55 Nangangwa, China, ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN),

Reverse DNS

Software

nginx/1.9.15 / Express

Resource Hash

f70dcec0f2c1d351acf79ed157c212e3e914d8a4f3549183cab7bae441b0a506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: blog.netlab.360.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Connection: keep-alive
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:43 GMT
Last-Modified: Thu, 21 Feb 2019 10:24:31 GMT
Server: nginx/1.9.15
X-Powered-By: Express
ETag: W/"59cf-1690f95d555"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22991

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
210 B 14ms
13ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=194376740&t=pageview&_s=1&dl=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&ul=en-us&de=UTF-8&dt=An%20Analysis%20of%20Godlua%20Backdoor&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1406726398&gjid=1718232956&cid=848911724.1625082101&tid=UA-83587830-1&_gid=726306064.1625082101&_r=1&_slc=1&z=1597459320

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 30 Jun 2021 19:41:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.netlab.360.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.567531e1abfac5c88f2ef94b952d12ba.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 55ms
15ms Other
text/css 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Requested by

Host: blog-netlab-360.disqus.com
URL: https://blog-netlab-360.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991492
x-cache: Hit from cloudfront
content-length: 25570
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-63e2"
content-type: text/css; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: GNfvdCp9TRHrUw_TWO-ZlowcE7Ox7Xf6k0OG_HJkhyB1RYuUUYmiKQ==
x-cache-hits: 0

GET
H2 200 common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js
c.disquscdn.com/next/embed/ 0
93 KB 56ms
16ms Other
application/javascript 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Requested by

Host: blog-netlab-360.disqus.com
URL: https://blog-netlab-360.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991492
x-cache: Hit from cloudfront
content-length: 94800
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-17250"
content-type: application/javascript; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: Wz2nWzsP2QZZ6y9bGyV-aAbxqpkWoS-Z4c0aHfj4cmnbXLp2btIXAQ==
x-cache-hits: 0

GET
H2 200 lounge.bundle.152a1430e3267673ea556dc28bb34a79.js
c.disquscdn.com/next/embed/ 0
118 KB 81ms
41ms Other
application/javascript 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.152a1430e3267673ea556dc28bb34a79.js

Requested by

Host: blog-netlab-360.disqus.com
URL: https://blog-netlab-360.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:34:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4034
x-cache: Hit from cloudfront
content-length: 120424
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 30 Jun 2021 17:42:54 GMT
server: nginx
etag: "60dcad1e-1d668"
content-type: application/javascript; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Thu, 30 Jun 2022 18:34:27 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: kdYASNxVj-WnonhRHEqMXGY673mBBDMUOIg_DvhcLwCsoSqkMvtLiA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
12 KB 58ms
17ms Other
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: blog-netlab-360.disqus.com
URL: https://blog-netlab-360.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 24
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 12153
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 0E98 8 KB
4 KB 177ms
177ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default

Requested by

Host: blog-netlab-360.disqus.com
URL: https://blog-netlab-360.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d896df2e6da9c9c493aacec6256fed08ad6a814fed5ebeefd90885f52cb41468

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Response headers

Connection: keep-alive
Content-Length: 3118
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Tue, 13 Aug 2019 08:11:45 GMT
ETag: W/"lounge:view:7508068600.23b33277e5132f04e00c9537b39622d8.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy: no-referrer-when-downgrade
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Wed, 30 Jun 2021 19:41:41 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 lounge.load.e34a397b02545d73e126b1219e8f0e66.js Show response
c.disquscdn.com/next/embed/ Frame 0E98 1 KB
1 KB 44ms
13ms Script
application/javascript 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.e34a397b02545d73e126b1219e8f0e66.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2a5db92958908a603c87c0cbd7b153ed3e3bab026021791f60ac4b59151b66a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:34:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4034
x-cache: Hit from cloudfront
content-length: 534
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 30 Jun 2021 17:42:54 GMT
server: nginx
etag: "60dcad1e-216"
content-type: application/javascript; charset=utf-8
via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
expires: Thu, 30 Jun 2022 18:34:27 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: CoYCHv1xHhqNE5sZ7s8K3c-Eo8t1xhvJNIvqs1LMcaSWs__aBEfT2w==
x-cache-hits: 0

GET
H2 200 common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js Show response
c.disquscdn.com/next/embed/ Frame 0E98 282 KB
93 KB 14ms
13ms Script
application/javascript 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.e34a397b02545d73e126b1219e8f0e66.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2025b295509745f39f42f941f1f806395a81e23e146febbff2e85e00df651b93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991492
x-cache: Hit from cloudfront
content-length: 94800
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-17250"
content-type: application/javascript; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: k7W9fLXQnj7OJQuOA_6mydihh2aRaKvHRVth8a3TcozR_Lq4B2oxUg==
x-cache-hits: 0

GET
H2 200 lounge.567531e1abfac5c88f2ef94b952d12ba.css
c.disquscdn.com/next/embed/styles/ Frame 0E98 158 KB
26 KB 13ms
13ms Stylesheet
text/css 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

58e8635e959ce8b5383dcbf9dd50fda2f6a0aeef426760854dfdb2548a3b77fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1991492
x-cache: Hit from cloudfront
content-length: 25570
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-63e2"
content-type: text/css; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: aK9DfcbFmQjt9tm0toxxqo6e_vRsYPvuFbGg4H9aUah3AGuHNH6sBg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.152a1430e3267673ea556dc28bb34a79.js Show response
c.disquscdn.com/next/embed/ Frame 0E98 467 KB
118 KB 13ms
13ms Script
application/javascript 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.152a1430e3267673ea556dc28bb34a79.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

68c7b10b9e138d7566b7dca1e763b39ac59731e790101a34b74e14f556175d6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:34:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4034
x-cache: Hit from cloudfront
content-length: 120424
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 30 Jun 2021 17:42:54 GMT
server: nginx
etag: "60dcad1e-1d668"
content-type: application/javascript; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Thu, 30 Jun 2022 18:34:27 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: geeLD2vF9DatpjCsKKNVYD8oNh7oUBXnXop8z2zaTmEM9vkeeqGQqw==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 0E98 12 KB
12 KB 20ms
20ms Script
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

992caeeef5c8ce8d12cd5bfa0aef3922f4013d082f147e886d847ac071991a9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:41 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 24
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 12153
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 0E98 3 KB
3 KB 127ms
126ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=blog-netlab-360&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7a7c7c83aa720a5499b3cc5a5968e0dc71d14e2988f3a8ba1d50a17de7d2985a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3003
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 0E98 2 KB
2 KB 65ms
17ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 18:53:57 GMT
server: nginx
age: 172632
etag: "60d4d4c5-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: 6tstZudMz1Mgb5HvxZYYB9aU1vfHMCB1lcqMcUSEuSzn3tDKQQxhdA==
expires: Wed, 28 Jul 2021 19:44:30 GMT

GET
DATA 200
OK truncated
/ Frame 0E98 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 0E98 13 KB
13 KB 22ms
21ms Image
image/svg+xml 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 08:39:51 GMT
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 5396510
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Fri, 29 Apr 2022 08:39:51 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 1upruW_U7n0hJncFhiJiGu5I3a3ZKsYqAiFeuI_3n7qYtMS0xv3XXA==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 0E98 3 KB
3 KB 20ms
20ms Image
image/gif 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 01:01:22 GMT
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 4992020
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Wed, 04 May 2022 01:01:22 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 4MQa8GVCO4dP1INlu2xkFAppFIU41YGgTx1S4LQeKvd2Z8_gGKKF2Q==
x-cache-hits: 0

GET
H2 200 sprite.654110a9206fd22f08cca0798e34a65e.png
c.disquscdn.com/next/embed/assets/img/ Frame 0E98 2 KB
2 KB 20ms
20ms Image
image/png 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.654110a9206fd22f08cca0798e34a65e.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 01:17:18 GMT
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 4818264
x-cache: Hit from cloudfront
content-length: 1862
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-746"
content-type: image/png
access-control-allow-origin: *
expires: Fri, 06 May 2022 01:17:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: HL2rHMvrVU5nP5aMNoLPlXDI3KZ1v9i-FUJgV8oJfuMo1PdYspYR6w==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 0E98 8 KB
8 KB 15ms
15ms Font
application/octet-stream 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 05:29:27 GMT
via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 4803135
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Fri, 06 May 2022 05:29:27 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 1MQKKaFcP83ycPq9the_Hz6L7C43D_A51TE8Lgc6Vqb52Xdy9FwJHw==
x-cache-hits: 0

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
27 KB 14ms
13ms Script
application/javascript 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: blog-netlab-360.disqus.com
URL: https://blog-netlab-360.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 21:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4917928
x-cache: Hit from cloudfront
content-length: 26578
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-67d2"
content-type: application/javascript; charset=utf-8
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
expires: Wed, 04 May 2022 21:36:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: mSnXbfvjqdulW5yluSQYcdBQIYpjK3xjQd2Os5rdLyypfZvY4J2fhA==
x-cache-hits: 0

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 0E98 2 KB
2 KB 18ms
18ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.152a1430e3267673ea556dc28bb34a79.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 18:53:57 GMT
server: nginx
age: 172632
etag: "60d4d4c5-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: 6tstZudMz1Mgb5HvxZYYB9aU1vfHMCB1lcqMcUSEuSzn3tDKQQxhdA==
expires: Wed, 28 Jul 2021 19:44:30 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 0E98 3 KB
2 KB 12ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3597f5b430a170367f24c28e5575e60c045de919bebf95313e328a9617fb6b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Uc62UYhoI/rU9U0FoSdOog==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: Ga/Ug1X1mnR9WS5poy25azgieQ1zDf0Ruds9KQnOP/KwUddIYo1mUkvKE1shfIapIHSlulBZGk6GbzG10iCjEw==
x-fb-trip-id: 686109401
x-fb-content-md5: 097a31308210b5164fc2e713f1fd3a9d
x-frame-options: DENY
date: Wed, 30 Jun 2021 19:41:42 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "19451f5e29ce9a95a7154e4801ec3a3c"
timing-allow-origin: *
expires: Wed, 30 Jun 2021 19:44:13 GMT

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 0E98 12 KB
5 KB 30ms
26ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a04dc65730d3624eb34c304548dcf1ab841c048ca5c76e450596e8c3ba47e7b7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zVzja2xU9TCIeY6muOnS0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "bbfe0ebc68359b1002f7b657f59a0b9a"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-zVzja2xU9TCIeY6muOnS0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Wed, 30 Jun 2021 19:41:42 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 0E98 13 KB
13 KB 14ms
13ms Image
image/svg+xml 2600:9000:2104:600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 08:39:51 GMT
via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 5396511
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Fri, 29 Apr 2022 08:39:51 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: le0IHgXwVWcR7cdcOZKV2y61GxFxGsMdIiscn8KSJWdpdOQzPU02TA==
x-cache-hits: 0

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
127 B 72ms
51ms Image
image/gif 2606:4700::6810:a00d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=5.757587364508082
Requested by: Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a00d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
cf-cache-status: HIT
age: 4
cf-ray: 6679dfa2fadc4e5b-FRA
content-length: 43
x-amz-id-2: pMKguQPpwTprnkBouPC+bayQrVoLCHZ6TrT0OgWZdfwvxczOfNycx8DBPVGD9kavO0wDreinU127ASoHSbVa+Q==
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 9XASVBPZZ8WMPQ1Y
cache-control: max-age=15, must-revalidate
cf-request-id: 0b000a19e000004e5bd10ae000000001
accept-ranges: bytes
content-type: image/gif

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
473 B 56ms
35ms Image
image/gif 2606:4700::6810:a00d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=5.757587364508082
Requested by: Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a00d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
cf-cache-status: HIT
age: 4
cf-ray: 6679dfa2fae24e5b-FRA
content-length: 43
x-amz-id-2: pMKguQPpwTprnkBouPC+bayQrVoLCHZ6TrT0OgWZdfwvxczOfNycx8DBPVGD9kavO0wDreinU127ASoHSbVa+Q==
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 9XASVBPZZ8WMPQ1Y
cache-control: max-age=15, must-revalidate
cf-request-id: 0b000a19e100004e5b10943000000001
accept-ranges: bytes
content-type: image/gif

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 0E98 252 KB
74 KB 9ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=cb942ebce9c157346fbddad8866d8056

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eecc6537644b5c9ae198eb5146835b577372598d37d326b6d5f98a3eaa49e8c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: QPhwZ63cdICkBW8CrJUEbQ==
cross-origin-resource-policy: cross-origin
expires: Thu, 30 Jun 2022 17:44:05 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 75452
x-fb-rlafr: 0
x-fb-debug: Gif+4maSN70r9H3770wmFwHro8lI4aOUDBmROadSZ5kXTME6OvFIxsgsTQwcNGgSUlJqHto7TcsmUn9nRzBPsQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
x-fb-content-md5: 35b813c369d97166a389ce2520bb6b2a
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 30 Jun 2021 19:41:42 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "2ff74abdc489ee95f2530a23674f0c5b"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/ Frame 0E98 102 KB
34 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66dc84eff4279521a92d581a7d875df3382a15620944aee348c0fac4b87646f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 15:14:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102421
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34654
x-xss-protection: 0
last-modified: Tue, 15 Jun 2021 19:21:40 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 15:14:41 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 2C53 513 B
657 B 18ms
17ms Document
text/html 2a00:1450:4001:827::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

87375b195f282d93bcebc2370eaaee063b3a4e9d437c90fecd1871813c73c3e3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZTdHDqZ+RlWopFUkEjcKRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=218=kwpZ1zN2GZ5zrvMj7OQlCBErE6v1lSYgJ40w9kVS1VVUd6Df28Fscq_ChWFcW9wCpw9UlvGmbYQJj6TFGlNrD3zs6yJhSfPiwEkEtcq5LIpgD-fduWhJtBPsyPdevnUUfqcohry8hqUSKHH_-i-tP2GJSVCKYQBSC5N0OE6uPYU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default

Response headers

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 30 Jun 2021 19:41:42 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-ZTdHDqZ+RlWopFUkEjcKRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 status
www.facebook.com/x/oauth/ Frame 0E98 0
0 121ms
121ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fblog.netlab.360.com&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dblog-netlab-360%26t_i%3Dghost-5d1987ea0bbc140007c57cf0%26t_u%3Dhttps%253A%252F%252Fblog.netlab.360.com%252Fan-analysis-of-godlua-backdoor-en%252F%26t_d%3DAn%2520Analysis%2520of%2520Godlua%2520Backdoor%26t_t%3DAn%2520Analysis%2520of%2520Godlua%2520Backdoor%26s_o%3Ddefault%23version%3De34a397b02545d73e126b1219e8f0e66&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net;font-src *.gstatic.com *.facebook.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co https://facebook.com;frame-src *.doubleclick.net *.google.com;report-uri https://www.facebook.com/csp/reporting/;
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 9us4kGhahWeZGRshqTPo/jdlud4xN7jUse+DfuKrE5XQaDht0GouZ5kGT1DSfNEeqdujlMk7FWorxxihoGYTFw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 30 Jun 2021 19:41:42 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1716170664-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame 2C53 116 KB
40 KB 31ms
11ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/1716170664-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dc7ba03dc94c1c92328a99cf06b8830081e8c9753076d5d16865cd507021944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 15:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102676
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40360
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 00:30:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 15:10:26 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 2C53 14 B
58 B 28ms
24ms XHR
application/json 2a00:1450:4001:827::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1716170664-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 30 Jun 2021 20:41:42 GMT

GET
H/1.1 200
OK / Show response
glitter.services.disqus.com/urls/ Frame 0E98 421 B
743 B 170ms
125ms Script
application/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://glitter.services.disqus.com/urls/?callback=dsqGlitterResponseHandler&forum_shortname=blog-netlab-360&thread_id=7508068600&referer=

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

e8657bc00283f690441e91875323a9c0169acfd445b828f9fffcc4ec2e152a8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: openresty
X-Frame-Options: DENY
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: no-cache
transfer-encoding: chunked
X-Service: glitter
Content-Disposition: attachment; filename=f.txt
Strict-Transport-Security: max-age=300; includeSubdomains
Vary: Accept-Encoding, Cookie

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 0E98 2 KB
2 KB 18ms
17ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.152a1430e3267673ea556dc28bb34a79.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 19:41:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 18:53:57 GMT
server: nginx
age: 172633
etag: "60d4d4c5-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: 6tstZudMz1Mgb5HvxZYYB9aU1vfHMCB1lcqMcUSEuSzn3tDKQQxhdA==
expires: Wed, 28 Jul 2021 19:44:30 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 0E98 43 B
295 B 157ms
115ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=500&event=init_embed&thread=7508068600&forum=blog-netlab-360&forum_id=4524066&imp=4m0snevc47rfs&prev_imp&thread_slug=an_analysis_of_godlua_backdoor&user_type=anon&referrer=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&theme=next&dnt=0&tracking_enabled=1&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Requested by

Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 pixel.html Show response
live.rezync.com/ Frame 17BB 507 B
1 KB 234ms
166ms Document
text/html 65.9.77.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c4m0snh3mftqb&pctry=CH&referrer=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: lighttpd/1.4.33 /
Resource Hash: 1cad8214c6a7c6cd30b17e9f5ed78da846d1c1c0ffe5a1835c3283b0d0f78e80

Request headers

:method: GET
:authority: live.rezync.com
:scheme: https
:path: /pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c4m0snh3mftqb&pctry=CH&referrer=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default

Response headers

content-type: text/html; charset=utf-8
content-length: 507
date: Wed, 30 Jun 2021 19:41:42 GMT
server: lighttpd/1.4.33
set-cookie: zync-uuid=a6f336b9-aa3a-4b44-8c2b-5526c8ba1145:1625082102.72; Domain=rezync.com; Expires=Mon, 27-Dec-2021 12:41:42 GMT; Path=/; SameSite=None; Secure sd-session-id=.eJwVyrEOgjAUQNFfMW9mqMhE4gZDEx-EWGLqQgRqaPVVoSUihH8Xt3uTs0D1VgPdrLIeYj-MKoDmqbdzEC_QatePW0ETEXO2O9Dd9zWsATjlnH7ZSrd_t6s3I8WVcMZQmoeXl3SWZ8akKdhJdAaJ-0yU34wwkpROKIp9btIQTfnJEz5hwsds5kdY1x-6yzIp.E75adg.V-r3IwgqjqR9663oMKCMolY04F0; Expires=Mon, 27-Dec-2021 19:41:42 GMT; HttpOnly; Path=/; SameSite=None; Secure
x-cache: Miss from cloudfront
via: 1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: 07znulDejeert37upurAPuaU44Zlm84nRd6aLacDeTMCbqo5RYxXhg==

GET
H2

200

362358.gif Show response
idsync.rlcdn.com/ Frame 3D74
Redirect Chain

https://ejp.rlcdn.com/501709.html
https://ejp.rlcdn.com/1000.gif?memo=CM3PHhoNCPaR84YGEgUI6AcQAEIASgA
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESELgvyHUOmIemMHhV-XbO1XM&google_cver=1

42 B
318 B

28ms
26ms

Document
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESELgvyHUOmIemMHhV-XbO1XM&google_cver=1
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:method: GET
:authority: idsync.rlcdn.com
:scheme: https
:path: /362358.gif?google_gid=CAESELgvyHUOmIemMHhV-XbO1XM&google_cver=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: rlas3=iYTB5t+uM2a+hiQGDANhABM4pp16ADQ5eWmNjS2H1yg=; pxrc=CPaR84YGEgUI6AcQABIGCLrqARAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default

Response headers

cache-control: no-cache, no-store
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: rlas3=iYTB5t+uM2a+hiQGDANhABM4pp16ADQ5eWmNjS2H1yg=; Path=/; Domain=rlcdn.com; Expires=Thu, 30 Jun 2022 19:41:42 GMT; Secure; SameSite=None pxrc=CPaR84YGEgUI6AcQABIGCLrqARAA; Path=/; Domain=rlcdn.com; Expires=Sun, 29 Aug 2021 19:41:42 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Wed, 30 Jun 2021 19:41:42 GMT
content-length: 42
via: 1.1 google
alt-svc: clear

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESELgvyHUOmIemMHhV-XbO1XM&google_cver=1
date: Wed, 30 Jun 2021 19:41:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 289
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

/
io.narrative.io/ Frame 0E98
Redirect Chain

https://io.narrative.io/?companyId=19&id=disqus_id%3Ac4m0snh3mftqb&ret=img&ref=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
https://io.narrative.io/?io.narrative.guid.v2=3223bc01-d9db-11eb-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac4m0snh3mftqb&ret=img&ref=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-ba...

35 B
319 B

44ms
44ms

Image
image/gif

52.212.225.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=3223bc01-d9db-11eb-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac4m0snh3mftqb&ret=img&ref=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
Requested by: Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.225.58 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-225-58.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=blog-netlab-360&t_i=ghost-5d1987ea0bbc140007c57cf0&t_u=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F&t_d=An%20Analysis%20of%20Godlua%20Backdoor&t_t=An%20Analysis%20of%20Godlua%20Backdoor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 30 Jun 2021 19:41:42 GMT
Cache-Control: no-cache
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=3223bc01-d9db-11eb-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac4m0snh3mftqb&ret=img&ref=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
Date: Wed, 30 Jun 2021 19:41:42 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 299 B
736 B 100ms
58ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f02772a698b550dcfd664020ed973da875cee3bc37824507b51865fd45809fa1

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 19:41:42 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.netlab.360.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 299
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
links.services.disqus.com/api/ 43 B
375 B 47ms
47ms Image
image/gif 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Requested by: Host: blog.netlab.360.com
URL: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 19:41:42 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 58 B
494 B 86ms
47ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5ed529a056cb35cdd1977926db136f72be405b1cb7679df32624db7631c0b637

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 19:41:42 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.netlab.360.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 58
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 42 B
478 B 48ms
48ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 430506efbc9f2348a7b56463b1e110dc9570f6370c1ec341afeebbf9571ab4a9

Request headers

Referer: https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 19:41:43 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.netlab.360.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

52154.gif
idsync.rlcdn.com/ Frame 17BB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=1611672620408573533
https://p.rfihub.com/cm?pub=39342&in=1&userid=9aa8618a-d942-4c05-a4ef-a027a24819e0%3A1625082103.3&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D9aa8618a-d942-4c05-a4ef-a027a24819e0%...
https://idsync.rlcdn.com/501709.gif?partner_uid=9aa8618a-d942-4c05-a4ef-a027a24819e0%3A1625082103.3
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=1611672620408573533

42 B
315 B

26ms
26ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=1611672620408573533
Requested by: Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c4m0snh3mftqb&pctry=CH&referrer=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Jun 2021 19:41:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

Pragma: no-cache
Date: Wed, 30 Jun 2021 19:41:43 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9e7fa82d-84b6-478d-932d-6af52a0fe771
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=1611672620408573533
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

362358.gif
idsync.rlcdn.com/ Frame 17BB
Redirect Chain

https://p.rfihub.com/cm?pub=39342&in=1&userid=a6f336b9-aa3a-4b44-8c2b-5526c8ba1145%3A1625082102.72&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab...
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=1871878971255493542
https://idsync.rlcdn.com/501709.gif?partner_uid=7f073854-8ecc-4e1c-8121-0692624cf377%3A1625082103.27
https://idsync.rlcdn.com/1000.gif?memo=CM3PHhI8CjgIARAFGjI3ZjA3Mzg1NC04ZWNjLTRlMWMtODEyMS0wNjkyNjI0Y2YzNzc6MTYyNTA4MjEwMy4yNxAAGg0I95HzhgYSBQjoBxAAQgBKAA
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm=&google_tc=
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEMU85ZZykxeyuTrc8uIPkgE&google_cver=1

42 B
315 B

27ms
27ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEMU85ZZykxeyuTrc8uIPkgE&google_cver=1
Requested by: Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c4m0snh3mftqb&pctry=CH&referrer=https%3A%2F%2Fblog.netlab.360.com%2Fan-analysis-of-godlua-backdoor-en%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 30 Jun 2021 19:41:43 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 30 Jun 2021 19:41:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEMU85ZZykxeyuTrc8uIPkgE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rlcdn.com/	1970-01-19 20:51:06	Name: pxrc Value: CPeR84YGEgUI6AcQABIGCLbqARAAEgYIuuoBEAA=
live.rezync.com/	1970-01-19 23:43:54	Name: sd-session-id Value: eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjp7IiBiIjoiT1dGaE9EWXhPR0V0WkRrME1pMDBZekExTFdFMFpXWXRZVEF5TjJFeU5EZ3hPV1V3T2pFMk1qVXdPREl4TURNdU13PT0ifX0.E75adw.6-L0nQvxp05JBAz58Mi0HuOZGKE
.rlcdn.com/	1970-01-20 04:10:18	Name: rlas3 Value: E2FnnHoTlck9LgD2WZ/axIDjbH3UGlEseqf16fOElaA=
.rezync.com/	1970-01-19 23:43:28	Name: zync-uuid Value: 9aa8618a-d942-4c05-a4ef-a027a24819e0:1625082103.3

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.disquscdn.com
accounts.google.com
apis.google.com
blog-netlab-360.disqus.com
blog.netlab.360.com
c.disquscdn.com
cdn.viglink.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
disqus.com
ejp.rlcdn.com
glitter.services.disqus.com
ib.adnxs.com
idsync.rlcdn.com
io.narrative.io
links.services.disqus.com
live.rezync.com
p.rfihub.com
referrer.disqus.com
ssl.gstatic.com
www.facebook.com
www.google-analytics.com
142.250.185.162
151.101.112.64
151.101.114.49
151.101.64.134
185.33.221.11
193.0.160.128
199.232.196.134
2001:4de0:ac18::1:a:2b
2600:9000:2104:600:6:8656:f5c0:93a1
2606:4700::6810:a00d
2a00:1450:4001:827::2003
2a00:1450:4001:827::200d
2a00:1450:4001:827::200e
2a00:1450:4001:82a::200e
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
35.244.174.68
36.110.234.55
52.212.225.58
65.9.77.70
01c7358f0bfd0fada6b654b32e85556189b88e79f603c78c8ef90a17f68254da
04a0f2e41d93e68977374991f4d3ef39fe32ad77816ff407c25b293fa244954c
06f84cad67ea4dd9fea18e75f31e7dba749ac5c440a91539e0f7000aa5a4d287
0a8b7497d98fc2fcc957cbb708b3af0191c82824a58be25bb708e318496e7e5b
1b560f221a3ee06277331e405b956b384d5ef7830a643b4e0c257189b7adf887
1cad8214c6a7c6cd30b17e9f5ed78da846d1c1c0ffe5a1835c3283b0d0f78e80
2025b295509745f39f42f941f1f806395a81e23e146febbff2e85e00df651b93
2a5db92958908a603c87c0cbd7b153ed3e3bab026021791f60ac4b59151b66a8
2d1d7dbab6c3f75a996cf03050670c7f58ea80977b84a42cee70378fc564b353
2dc7ba03dc94c1c92328a99cf06b8830081e8c9753076d5d16865cd507021944
2ed8987e06bf1169237e0b06dc8a648ca8538df61d393e43cb587b5cb6bd911b
325eb6e77112f8b1dd52ab8f04cc03f5168de5acac9d2a586dc48902a26bc151
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
357ebefd042dd9c20c8f2873e92d79e0343dcd5515964f93b35be607465f86d4
3597f5b430a170367f24c28e5575e60c045de919bebf95313e328a9617fb6b44
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
3a8b8c3ebb29d732e157bb32899af49dc0054bbb3cdc94d02cfa6dc4d1887e73
430506efbc9f2348a7b56463b1e110dc9570f6370c1ec341afeebbf9571ab4a9
44aa42d62e6ba393765b454438f1cd2df3574c705c95c6820e360389798cb1c8
4b5a3702b2a13d962a0998ce7b341e19198e5b9278bf67f9ec3db979ee942e86
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
58e8635e959ce8b5383dcbf9dd50fda2f6a0aeef426760854dfdb2548a3b77fb
5ed529a056cb35cdd1977926db136f72be405b1cb7679df32624db7631c0b637
66dc84eff4279521a92d581a7d875df3382a15620944aee348c0fac4b87646f1
68c7b10b9e138d7566b7dca1e763b39ac59731e790101a34b74e14f556175d6e
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7a382b84d5574ce96d22172c424b433c69d1f87058c7642830c484413575faa9
7a7c7c83aa720a5499b3cc5a5968e0dc71d14e2988f3a8ba1d50a17de7d2985a
7b55b2d33ffd66704abd223876066dc12a016f8133027f9e40778eba05c3cdcc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
838bfc5e183926cd12db869e43d8036612a340f381977099b7842582b61494c4
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
87375b195f282d93bcebc2370eaaee063b3a4e9d437c90fecd1871813c73c3e3
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
931836f56a6436b0a6a5451f9d3e2398c9e9c02bed29bad32a1e778d0a836b85
992caeeef5c8ce8d12cd5bfa0aef3922f4013d082f147e886d847ac071991a9e
9e0582bda8b93d5d8d3a29f2f7b43d22a7d8704680008af7338717b57e97ac2e
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a04dc65730d3624eb34c304548dcf1ab841c048ca5c76e450596e8c3ba47e7b7
b04f779eeb70cf311580b4c5d794a61a07d67a491c69ee682842a462988e86ca
b45bea269de2ea974a2790ccd4ce83a0c41ac6e0691e43b5de906ea05ff4a53a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bdf0772071c7e0d8b5a284152be10569e2f3ee6a77488b9d0494cefbbfee568d
c0ba535ea561acbf5496d840afc0b7125afc35057772960a65cb92cf0780c64e
c42709a4fdc84df15841ccad9b9ff83c1e82c5d369d20a3c813462c79947ca2d
c9769b954f61ca82969ce24deed8a8c04df5c57801f22e30b1b041a70af0a118
cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d29114fa21b4015dc83aca8357cdfe6220cb1168dc0978ceb1138cfae32df1b6
d463238419ab14bc6b12b2303d18543d336a11b64deb32c70b7b5fbfe453b317
d47ffdd0ca768158458845a42c746c6058867c5ce02cdb01c1858bb29aedc630
d63e21d6bdb52d5aeff046c8c8877080e1398dfc52a6a9b7553003562bdb7ae1
d821f29d80bfc3257dd3bf5dbf1874ccaa53d82fca4bdc8a511b9f3efc8560c9
d896df2e6da9c9c493aacec6256fed08ad6a814fed5ebeefd90885f52cb41468
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8657bc00283f690441e91875323a9c0169acfd445b828f9fffcc4ec2e152a8c
ee984a2bb8fb040df101003833f076f0d0bc985cf8fc1cfd7994049360b6cb10
eecc6537644b5c9ae198eb5146835b577372598d37d326b6d5f98a3eaa49e8c3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02772a698b550dcfd664020ed973da875cee3bc37824507b51865fd45809fa1
f1220d8583c31fe4a891081e27b0b6e822af1b3b6fda852971a140e0c7b77638
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f6f52ade026c1153cf1410b95fb2fb479b350f28c2a34dd00483bed791c9f630
f70dcec0f2c1d351acf79ed157c212e3e914d8a4f3549183cab7bae441b0a506

blog.netlab.360.com Open in urlscan Pro 36.110.234.55 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

76 Requests

100 %HTTPS

45 %IPv6

16 Domains

23 Subdomains

18 IPs

5 Countries

1634 kBTransfer

2612 kBSize

4 Cookies

41 Outgoing links

Redirected requests

76 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.netlab.360.com Open in urlscan Pro
36.110.234.55 Public Scan

Screenshot
Live screenshot

Full Image

76
Requests

100 %
HTTPS

45 %
IPv6

16
Domains

23
Subdomains

18
IPs

5
Countries

1634 kB
Transfer

2612 kB
Size

4
Cookies

76 HTTP transactions
1 data transactions