decoded.avast.io Open in urlscan Pro
162.241.248.14 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Submission: On October 27 via api (October 27th 2020, 3:27:09 pm UTC) from PL

Summary HTTP 50 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 50 HTTP transactions. The main IP is 162.241.248.14, located in Brooklyn, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is decoded.avast.io.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 26th 2020. Valid for: 3 months.

This is the only time decoded.avast.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	162.241.248.14 162.241.248.14	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
50	7

29 162.241.248.14 (Brooklyn, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: wp2.bluehost.com

decoded.avast.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh4.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	avast.io decoded.avast.io	2 MB
14	googleusercontent.com lh6.googleusercontent.com lh4.googleusercontent.com lh3.googleusercontent.com	480 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	gstatic.com fonts.gstatic.com	46 KB
1	doubleclick.net stats.g.doubleclick.net	85 B
1	googleapis.com fonts.googleapis.com	550 B
50	6

	Domain	Requested by
29	decoded.avast.io	decoded.avast.io
6	lh6.googleusercontent.com	decoded.avast.io
5	lh3.googleusercontent.com	decoded.avast.io
3	lh4.googleusercontent.com	decoded.avast.io
3	www.google-analytics.com	decoded.avast.io www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	fonts.googleapis.com	decoded.avast.io
50	8

This site contains links to these domains. Also see Links.

Domain
avast.io
www.avast.com
blog.avast.com
www.conceiva.com
github.com
www.qt.io
gchq.github.io
wordpress.org

Subject Issuer	Validity	Valid
www.decoded.avast.io Let's Encrypt Authority X3	`2020-10-26` - `2021-01-24`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Frame ID: EE325206BCB9D654D9344023FA8EF811
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

50
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

8
Subdomains

7
IPs

3
Countries

2244 kB
Transfer

2712 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://avast.io/
Title: More onAvast Inside Out

Search URL Search Domain Scan URL

URL: https://www.avast.com/en-us/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://blog.avast.com/fake-malwarebytes-installation-files-distributing-coinminer
Title: reported on a fake Malwarebytes installer

Search URL Search Domain Scan URL

URL: http://www.conceiva.com/products/downloadstudio/default.asp
Title: a download manager developed by Conceiva

Search URL Search Domain Scan URL

URL: https://github.com/pmezard/adblock
Title: adblock package

Search URL Search Domain Scan URL

URL: https://www.qt.io/
Title: Qt framework

Search URL Search Domain Scan URL

URL: https://gchq.github.io/CyberChef/#recipe=AES_Decrypt(%7B'option':'Hex','string':'cefd8928fd7411b4c9cef7ec35cc827c'%7D,%7B'option':'Hex','string':'260743d9b464883ecc7f144bfa06e36d'%7D,'CTR','Hex','Raw',%7B'option':'Hex','string':''%7D)JSON_Beautify('%20%20%20%20',false)&input=OWRlZTI3MjY0YjUyNGY4N2ZjMTA5MDUyYTU4OTg1NmNiMzgwMjRkOTM5ZTg4ZGRjYWUwMjdmODIyM2NkNzdiYjAzZmQwZWMwMzU0YTQ0OWE4Zjk5ZDhjZDFhZjI3NGY0ZDVmNTE1NDQwYmRkYWMzZTUwYmE2MjgzMjkxYzQ3MDVlMTBiYjBjZjgwODlmNTNhMGZhNDY3NzBmODMyMmE0NTU2YmQ4MTRiNDNlZGQ1ZmM2ODI4ZDg4NWQzYWYxNjYzMGQxMTNhMjEyYzdhNzViYmYxYjM2ZjQxNDZmNDEyNDcyYjZmY2ExZWJiOTkzMWUzNzBmNjQyNzMwMDc1MjJlOGE5ODM3Y2UyMDFmYzFiOWI4NTMxZmRmODE3MGEyZjE5ZTkxNzYzNTc3NmQ2ZTYxZTkzMzcyNzM4ODE5YmMxZTViZjZiMzc2ODIyZjcyZDEzYTRhZTdjMzZhZDAwZDMzZGQ3YjEwOGM5NWJlMDYwYTdmYWUyNjU0ZDRlMGI1M2ViMWU5MWY5M2FhMmI2OGNlMjFkYTdmNDJhYjc0YmMyMjExOTQ2MmQ2MzAyMTM1NTEyODdjMWU1NDA2OGFhNzVlYjYxMDc3MDJiNDJkZDRhOWFjY2JiYjI3Nw
Title: this CyberChef recipe

Search URL Search Domain Scan URL

URL: https://gchq.github.io/CyberChef/#recipe=HMAC(%7B'option':'Latin1','string':'JXaZy7brRJ'%7D,'SHA256')&input=MS5jZjA0YTdhOWM2N2ZhOGJhNTlkYWY4NmU3YjlmNDUyYQ
Title: HMAC-SHA256 authentication code of the X-Build-ID header

Search URL Search Domain Scan URL

URL: https://github.com/qt/qtbase/blob/315257eabea010bf697415cdc0f6ec1e29b74d2b/src/corelib/io/qresource.cpp
Title: Qt binary resource

Search URL Search Domain Scan URL

URL: https://github.com/avast/ioc/tree/master/FakeMBAM
Title: https://github.com/avast/ioc/tree/master/FakeMBAM

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/ 145 KB
51 KB 2898ms
2227ms Document
text/html 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: e9aeefb16b3c0ef2afed8d77e52fcd696b92264c5ed8d897896b57efe63da01c

Request headers

:method: GET
:authority: decoded.avast.io
:scheme: https
:path: /janvojtesek/fakembam-backdoor-delivered-through-software-updates/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 27 Oct 2020 15:26:50 GMT
server: nginx/1.19.0
content-type: text/html; charset=UTF-8
link: <https://decoded.avast.io/wp-json/>; rel="https://api.w.org/", <https://decoded.avast.io/wp-json/wp/v2/posts/2217>; rel="alternate"; type="application/json", <https://decoded.avast.io/?p=2217>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
host-header: d3AuYmx1ZWhvc3QuY29t
x-server-cache: false

GET
H2 200 style.min.css
decoded.avast.io/wp-includes/css/dist/block-library/ 53 KB
10 KB 278ms
276ms Stylesheet
text/css 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/css/dist/block-library/style.min.css?ver=5.5.1
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Tue, 01 Sep 2020 23:09:04 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 10450

GET
H2 200 css
fonts.googleapis.com/ 3 KB
550 B 19ms
17ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d97a7cf891b0c3f0448f17d5319aa621e66755fe12f23cd10b83830c2ac8a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 27 Oct 2020 15:26:50 GMT
server: ESF
date: Tue, 27 Oct 2020 15:26:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 27 Oct 2020 15:26:50 GMT

GET
H2 200 min.css
decoded.avast.io/wp-content/themes/johannes/assets/css/ 180 KB
43 KB 286ms
285ms Stylesheet
text/css 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 8b7f6b3b98d203b064eeb91445b8bfc6f5bec3a2e7b76af8a23a7cb6cd0d8add

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:19:20 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t

GET
H2 200 main.css
decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/ 9 KB
2 KB 428ms
426ms Stylesheet
text/css 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/main.css?ver=1.2.1
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: a61e94c6cee47c0f689736d8b6d3a8ba98f9501a3e834b2cdedc374e4b88c6cf

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Wed, 17 Jul 2019 11:03:00 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 1995

GET
H2 200 frontend.min.js Show response
decoded.avast.io/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 9 KB
3 KB 285ms
284ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=7.12.2
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Mon, 10 Aug 2020 23:31:20 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 3153

GET
H2 200 jquery.js Show response
decoded.avast.io/wp-includes/js/jquery/ 95 KB
42 KB 421ms
420ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:02:11 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 662
date: Tue, 27 Oct 2020 15:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Tue, 27 Oct 2020 17:15:48 GMT

GET
H2 200 wp-emoji-release.min.js Show response
decoded.avast.io/wp-includes/js/ 14 KB
5 KB 288ms
283ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Tue, 11 Aug 2020 23:34:35 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 4950

GET
H2 200 Asset-22ldpi.png
decoded.avast.io/wp-content/uploads/sites/2/2019/06/ 3 KB
3 KB 486ms
482ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2019/06/Asset-22ldpi.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 250fd3e1a88e39683d7798ac68311b15d4dd859903bc8faec08c37c0142f2c72

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 27 Jun 2019 10:05:00 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 3109

GET
H2 200 EYMmgDsZBnHuIzdKo7GQt5DdYt6l7syDb4q3c1qFhXzhW4qMCp8SuY2yl0csbOzTBRbt-0p5zDqgY5X8BM4SdnQN1b1nSG7neF4-80rOm2-x9HK7ci-S7XagvX8tXUcUJQjwcmb-
lh6.googleusercontent.com/ 13 KB
13 KB 31ms
6ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/EYMmgDsZBnHuIzdKo7GQt5DdYt6l7syDb4q3c1qFhXzhW4qMCp8SuY2yl0csbOzTBRbt-0p5zDqgY5X8BM4SdnQN1b1nSG7neF4-80rOm2-x9HK7ci-S7XagvX8tXUcUJQjwcmb-

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c7d69d84702a9288d0b41d02bd6d47180055d6cb47c980dd1f15508c09989529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="arguments.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12840
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 22 Oct 2020 11:04:53 GMT

GET
H2 200 cbHU0x3fBUqi1YgfRWlagQRLXOHTHMqHGnuSBTpDe64PAbPoW0o-ibdLN4_ERCTNcJHy3AeoeK3ii_0AcsvD1ajXYpI3SFul2PDxlhtrmcvaGew0uOXCITpMSftjcKtsFmHobJbp
lh4.googleusercontent.com/ 106 KB
106 KB 254ms
249ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/cbHU0x3fBUqi1YgfRWlagQRLXOHTHMqHGnuSBTpDe64PAbPoW0o-ibdLN4_ERCTNcJHy3AeoeK3ii_0AcsvD1ajXYpI3SFul2PDxlhtrmcvaGew0uOXCITpMSftjcKtsFmHobJbp

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ff9c887eaac88a3776c7275fc3c1b1beb06ca635fbe382636162d2d5a7851a31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="netshieldkit.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108524
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 27 Oct 2020 10:27:46 GMT

GET
H2 200 BDL48tpOHGIIMZk7qTYdfPeMqgBbELLFl_siTyIScI9JbWz9AQflutz_-MnBAN5WJDBp9Yp-FbaYTfBfW2wWJ2QdPyeAgOubhhfHFVIZ8YY1e6HOAHzAJSkI9kA2vtT_DylCdIjg
lh3.googleusercontent.com/ 76 KB
76 KB 196ms
192ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/BDL48tpOHGIIMZk7qTYdfPeMqgBbELLFl_siTyIScI9JbWz9AQflutz_-MnBAN5WJDBp9Yp-FbaYTfBfW2wWJ2QdPyeAgOubhhfHFVIZ8YY1e6HOAHzAJSkI9kA2vtT_DylCdIjg

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

976119a6256ba5a34502c5e8fad48bdd8993c0193487704d2ed28d54dcb92a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="passive_dns.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77861
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 20 Oct 2020 07:23:12 GMT

GET
H2 200 6b9lqPtfoR1frEtKWSG_IxLfpmOrOW7aRys8OwP0C6Ej9WMOuMuMZwTLGX2gP3OFiYCc_YXWuJ3XqOj9bYOwMp8L4N3jUV54oCpn_2dhYCqvSqWTdp3LEVigfoZyJ07SFfz9i9rg
lh3.googleusercontent.com/ 34 KB
34 KB 260ms
256ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/6b9lqPtfoR1frEtKWSG_IxLfpmOrOW7aRys8OwP0C6Ej9WMOuMuMZwTLGX2gP3OFiYCc_YXWuJ3XqOj9bYOwMp8L4N3jUV54oCpn_2dhYCqvSqWTdp3LEVigfoZyJ07SFfz9i9rg

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ac781760d8b0bfc4d74d983009b0496ab719902d7147d32e2ca6d62d9e45660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="dstudio_adblock.jpeg"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34986
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 27 Oct 2020 10:27:46 GMT

GET
H2 200 PknKIJM9RaWA85InI-I55xo1QnSFz3h5Ad2Fsr3libh5PD_WhPcHvrHDsGcLTzUtn229jMrky9W6TtNgWrZpzNerIHqvcUn-C5fYK21ZVUnwD2cjuUHsOl58NY_LK9l1j6GZWbuf
lh3.googleusercontent.com/ 83 KB
83 KB 360ms
356ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PknKIJM9RaWA85InI-I55xo1QnSFz3h5Ad2Fsr3libh5PD_WhPcHvrHDsGcLTzUtn229jMrky9W6TtNgWrZpzNerIHqvcUn-C5fYK21ZVUnwD2cjuUHsOl58NY_LK9l1j6GZWbuf

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f9191233f06665045c919afe114da6f2c30675db6d91a2b315990ecb477d3260

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="dir_compare.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84867
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 24 Oct 2020 15:19:55 GMT

GET
H2 200 OWW1XLuhPyWqCvpLJAYLEqgxMmkfHFZ5ptMegFwKmczSWSVMADSAkl-PAAdmDp3qNLcxr_13yFUmJkHjH_EF_YVuKHI3uzinCyLzKEy6FUTay83K_gQ45106yrWiRYkOa7kkg5jZ
lh4.googleusercontent.com/ 25 KB
25 KB 456ms
451ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/OWW1XLuhPyWqCvpLJAYLEqgxMmkfHFZ5ptMegFwKmczSWSVMADSAkl-PAAdmDp3qNLcxr_13yFUmJkHjH_EF_YVuKHI3uzinCyLzKEy6FUTay83K_gQ45106yrWiRYkOa7kkg5jZ

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

57949531fa389d9231049d557aff639a6155565eae5c757b5223b8e24c701005

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="qtwinextras_bindiff.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25222
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 27 Oct 2020 10:27:46 GMT

GET
H2 200 -KMnhcFcnIqYH791NxwS5mYZERP0bEgcdCXpE9S8LvL9qmVItZpDfw_VKkqel8uVXJGXxkgc6c6-uIOUvj0bELWSbuPrljqd0uQOfeyBrfsFWtK2-zWFAH_xjfZDLHx77qh_PzcK
lh6.googleusercontent.com/ 34 KB
34 KB 37ms
13ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/-KMnhcFcnIqYH791NxwS5mYZERP0bEgcdCXpE9S8LvL9qmVItZpDfw_VKkqel8uVXJGXxkgc6c6-uIOUvj0bELWSbuPrljqd0uQOfeyBrfsFWtK2-zWFAH_xjfZDLHx77qh_PzcK

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e88d693c54a4ebfee33b0ac41924fbacce73ea68cd23d0928d45bafbb4704c01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="iss_screenshot.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34459
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 28 Oct 2020 12:49:08 GMT

GET
H2 200 xU9uA3ZDwFjTrgJOT6DCGeeYVoaYpWIhlP2-QswyJCqFkE-9GhmZQRlmu4AgOtxFy37UQ264nPNX_kHnFkN0TdLEdR0noohGqct7P5HmamudQZLN-ma936qgJPH_EIZumMmh-U7x
lh6.googleusercontent.com/ 18 KB
18 KB 35ms
11ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/xU9uA3ZDwFjTrgJOT6DCGeeYVoaYpWIhlP2-QswyJCqFkE-9GhmZQRlmu4AgOtxFy37UQ264nPNX_kHnFkN0TdLEdR0noohGqct7P5HmamudQZLN-ma936qgJPH_EIZumMmh-U7x

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7650a9a626dea790f9ff92fc5a189063505ef870c1867daee0451ad8c83591db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="stackstr.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18718
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 28 Oct 2020 12:49:08 GMT

GET
H2 200 LBdyxt-xHY2J53ugbCUdPOjOxQNJAzNAzB74I4hvyKwrFLise4kdsYu9Msy6SRE7zJNoG55ySDqpbbUVaWVIcbFO16ZMMIuhZz0JZRk71zf5s5Zi-9Hv63U0BmwqoVms48t33Nti
lh6.googleusercontent.com/ 10 KB
10 KB 31ms
7ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/LBdyxt-xHY2J53ugbCUdPOjOxQNJAzNAzB74I4hvyKwrFLise4kdsYu9Msy6SRE7zJNoG55ySDqpbbUVaWVIcbFO16ZMMIuhZz0JZRk71zf5s5Zi-9Hv63U0BmwqoVms48t33Nti

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b3286ecf74a365433ac5e36f19b40120dee60243880b6a01c46adefe60c04d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="reg_licenskey.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10237
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 22 Oct 2020 11:04:53 GMT

GET
H2 200 spj8CA1Lwlknj-503UZJ1WhZ9grZw6iDq1unhdRHQmcGbGuSs_vaoBPKgrU61VhylWNRuawkPLtoAbj18B_xrBHox1NOiKRIQfmAxRCGB4JkY4HB5kP0SNv4XedqgWiJYWIsO1Sn
lh3.googleusercontent.com/ 27 KB
27 KB 269ms
269ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/spj8CA1Lwlknj-503UZJ1WhZ9grZw6iDq1unhdRHQmcGbGuSs_vaoBPKgrU61VhylWNRuawkPLtoAbj18B_xrBHox1NOiKRIQfmAxRCGB4JkY4HB5kP0SNv4XedqgWiJYWIsO1Sn

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

56a249e2a963e73aae401de2991dfb81883700c9a8db943ee79b1f5c94d063f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="cnc_traffic.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27940
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 27 Oct 2020 10:27:46 GMT

GET
H3-Q050 200 eCBQXdYMWb9mD3dM7dfKXoeTMLM0NmuddDTgKT3LmNsHvE-rWlYH3_fsQpa9L5OGAEhgq4LNIYnp8IYkhsx3jVliEJVJafqsQ-_S_eR00WE1cUsheWffxV-0BUcjG-EgCZ03hy3b
lh3.googleusercontent.com/ 12 KB
12 KB 37ms
20ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/eCBQXdYMWb9mD3dM7dfKXoeTMLM0NmuddDTgKT3LmNsHvE-rWlYH3_fsQpa9L5OGAEhgq4LNIYnp8IYkhsx3jVliEJVJafqsQ-_S_eR00WE1cUsheWffxV-0BUcjG-EgCZ03hy3b

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4b5806f91aaf7400568047017a52109397a8c26a41c3bd9f42394e1d0549c551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="volatile_config.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12556
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 20 Oct 2020 06:53:15 GMT

GET
H3-Q050 200 OM0pQgNxjoZo0LdCwn5Yl_JG4TarjB200XYVDEWIw-MULBhk5B8oJVdpP6vyrVN_YcSFoem5JMHNQS5mS-52UUIkOSThZMDIo1urW5PdXi-QjW6Tso1GPuplKlH4wK58KCpg-96i
lh6.googleusercontent.com/ 18 KB
18 KB 38ms
23ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/OM0pQgNxjoZo0LdCwn5Yl_JG4TarjB200XYVDEWIw-MULBhk5B8oJVdpP6vyrVN_YcSFoem5JMHNQS5mS-52UUIkOSThZMDIo1urW5PdXi-QjW6Tso1GPuplKlH4wK58KCpg-96i

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

891c8366204653036f8259a6eceb3a2f6820f103770bb22dab62b52d77218daa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="persistent_config.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18129
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 22 Oct 2020 11:04:53 GMT

GET
H3-Q050 200 aEUcKhYb4JNob_aG1wfgyg9o3Yp0fDkvPe5SXgK7ToQACHYtzG263RIWOgNha8W_RBVLuq4BIbuyA1NJiMVBd-vjrIU5FN2FwMrbWQl-RbnQ6e7_cRS2cQeDx7Qw58bI86C_PyE9
lh6.googleusercontent.com/ 10 KB
11 KB 36ms
21ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/aEUcKhYb4JNob_aG1wfgyg9o3Yp0fDkvPe5SXgK7ToQACHYtzG263RIWOgNha8W_RBVLuq4BIbuyA1NJiMVBd-vjrIU5FN2FwMrbWQl-RbnQ6e7_cRS2cQeDx7Qw58bI86C_PyE9

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9b4cebafdbd3c4e7760d6cd879ea7cc097d139c64e2edf111e9ef1c5e256482e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 12:49:08 GMT
x-content-type-options: nosniff
age: 9462
status: 200
content-disposition: inline;filename="xmrig_config.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10733
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 22 Oct 2020 11:04:53 GMT

GET
H2 200 imagesloaded.min.js Show response
decoded.avast.io/wp-includes/js/ 5 KB
2 KB 373ms
373ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Tue, 11 Aug 2020 23:34:35 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 2103

GET
H2 200 masonry.min.js Show response
decoded.avast.io/wp-includes/js/ 24 KB
9 KB 296ms
296ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Tue, 11 Aug 2020 23:34:35 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 9216

GET
H2 200 jquery.masonry.min.js Show response
decoded.avast.io/wp-includes/js/jquery/ 2 KB
758 B 361ms
355ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:02:11 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 724

GET
H2 200 min.js Show response
decoded.avast.io/wp-content/themes/johannes/assets/js/ 112 KB
45 KB 361ms
356ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/themes/johannes/assets/js/min.js?ver=1.1.3
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 5f730e0adb0db34601edf0b7449dae5bcd766311ca1aadf57d58126c554fe2ef

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:21:52 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t

GET
H2 200 main.js Show response
decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/js/ 551 B
357 B 288ms
282ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/js/main.js?ver=1.2.1
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 8efd7ef0887f8d97df1f68248a4d6f603ab11021a0f683e61584227ee7a71909

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
content-encoding: gzip
last-modified: Wed, 17 Jul 2019 11:03:00 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 323

GET
H2 200 new-tab.js Show response
decoded.avast.io/wp-content/plugins/page-links-to/dist/ 24 KB
10 KB 360ms
354ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.4
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
content-encoding: gzip
last-modified: Thu, 23 Jul 2020 11:04:52 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 10524

GET
H2 200 wp-embed.min.js Show response
decoded.avast.io/wp-includes/js/ 1 KB
862 B 357ms
352ms Script
application/javascript 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-includes/js/wp-embed.min.js?ver=5.5.1
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
content-encoding: gzip
last-modified: Tue, 31 Mar 2020 23:06:31 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 782

GET
H2 200 7Auwp_0qiz-afTLGLQjUwkQ.woff2
fonts.gstatic.com/s/muli/v22/ 24 KB
24 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQjUwkQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a71c8749cc0bb450f96766d4cab3b2b9c4d5a9b30c3683f3a5863d8d2ed9c9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://decoded.avast.io
Referer: https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 11:20:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Jul 2020 20:49:47 GMT
server: sffe
age: 533171
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24884
x-xss-protection: 0
expires: Thu, 21 Oct 2021 11:20:39 GMT

GET
H2 200 fontawesome-webfont.woff2
decoded.avast.io/wp-content/themes/johannes/assets/fonts/ 75 KB
76 KB 333ms
332ms Font
font/woff2 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/themes/johannes/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://decoded.avast.io
Referer: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Mon, 24 Jun 2019 11:19:38 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: font/woff2
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 77160

GET
H2 200 johannes-font.ttf
decoded.avast.io/wp-content/themes/johannes/assets/fonts/ 3 KB
3 KB 260ms
260ms Font
font/ttf 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/themes/johannes/assets/fonts/johannes-font.ttf?
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 6e1ba7b6b625d488b2be3593d5ec5c3fca1fc192e9b3475573bf75af25b4cde9

Request headers

Origin: https://decoded.avast.io
Referer: https://decoded.avast.io/wp-content/themes/johannes/assets/css/min.css?ver=1.1.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:50 GMT
last-modified: Mon, 24 Jun 2019 11:19:40 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: font/ttf
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 2952

GET
H2 200 socicon.woff
decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/fonts/ 98 KB
99 KB 331ms
330ms Font
font/woff 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/fonts/socicon.woff
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/main.css?ver=1.2.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 48c273dcbed09b6b87f9365f2f141063f5c859476b53913d94fca1befe90aa0c

Request headers

Origin: https://decoded.avast.io
Referer: https://decoded.avast.io/wp-content/plugins/meks-easy-social-share/assets/css/main.css?ver=1.2.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Wed, 17 Jul 2019 11:03:00 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: font/woff
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 100756

GET
H3-Q050 200 7Auwp_0qiz-afTzGLQjUwkQ1OQ.woff2
fonts.gstatic.com/s/muli/v22/ 22 KB
22 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTzGLQjUwkQ1OQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea276ad4b08f0ae806922c7d753177df1e11fcd0e924f1ef34e01593fbd0868d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://decoded.avast.io
Referer: https://fonts.googleapis.com/css?family=Muli%3Aregular%2C900%2C700&ver=1.1.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 11:21:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Jul 2020 20:54:22 GMT
server: sffe
age: 533142
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22240
x-xss-protection: 0
expires: Thu, 21 Oct 2021 11:21:08 GMT

GET
H2 200 02_2020_digital-security_GettyImages-1141760307_edited-1920x500.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 146 KB
147 KB 289ms
284ms Image
image/jpeg 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/02_2020_digital-security_GettyImages-1141760307_edited-1920x500.jpg
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: b116c00aa639b3afd1c79bb5a7952f73d6c8e3ffd55a35546d6ebf4d4dcc7cfc

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Tue, 13 Oct 2020 10:48:02 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 149712

GET
H2 200 map_logo.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 155 KB
156 KB 356ms
354ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/map_logo.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 37f5c4d669b6321542b7e9eb1ce0bfdcae63abb5042f28b31c5e592e194c5ee9

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Tue, 13 Oct 2020 13:16:06 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 158394

GET
H2 200 ds_website-1024x699.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 137 KB
138 KB 288ms
287ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/ds_website-1024x699.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: c17bc39d71c7b7df37447523e000425af9469a925b411e7a17ee15addf26f4b0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 08 Oct 2020 14:11:00 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 140078

GET
H2 200 ds_screenshot-1024x639.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 566 KB
568 KB 354ms
353ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/ds_screenshot-1024x639.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 628e171e74ea5ae9aa29a128b053f3eb2a6b72b8ffc095deaf62ef5a3ad6ff1f

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 08 Oct 2020 14:12:23 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 579535

GET
H3-Q050 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
887 B 7ms
6ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:08:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1080
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Oct 2020 16:08:51 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
85 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-143774004-1&cid=2062547497.1603812411&jid=115188622&gjid=1296451275&_gid=1307200194.1603812411&_u=aGBAgUAjCAAAAE~&z=1645834322

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 27 Oct 2020 15:26:51 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://decoded.avast.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
6ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=1850543282&t=pageview&_s=1&dl=https%3A%2F%2Fdecoded.avast.io%2Fjanvojtesek%2Ffakembam-backdoor-delivered-through-software-updates%2F&ul=en-us&de=UTF-8&dt=FakeMBAM%3A%20Backdoor%20delivered%20through%20software%20updates%20-%20Avast%20Threat%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgUAjC~&jid=115188622&gjid=1296451275&cid=2062547497.1603812411&tid=UA-143774004-1&_gid=1307200194.1603812411&z=173305336

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 27 Oct 2020 10:37:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17379
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 obf_dstudio-1.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 20 KB
20 KB 258ms
256ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/obf_dstudio-1.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 1a978b29056d0376b2765ac18cb61d9f20e65db7cd1343083955b94db11dc08a

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Fri, 09 Oct 2020 12:55:38 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 20579

GET
H2 200 obf_backdoor-1.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 20 KB
20 KB 262ms
261ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/obf_backdoor-1.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 482f85441fcf092fd9302fa08a5dae4d43c5277240a7489a0a5bcb38fe32f684

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Fri, 09 Oct 2020 12:55:47 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 20843

GET
H2 200 faq-1024x358.png
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 67 KB
67 KB 258ms
257ms Image
image/png 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/faq-1024x358.png
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 7307294216c5fbe9ef6a9111f18ed211525f32b556dd343374a1be0e1264faf4

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 08 Oct 2020 14:22:09 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/png
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 68713

GET
H2 200 fake_installer.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 48 KB
48 KB 225ms
223ms Image
image/jpeg 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/fake_installer.jpg
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: 729041faacb90fe7c19f67ca0c389b921e219d1982aea7c98a7e104043287ae0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 08 Oct 2020 14:23:11 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 49188

GET
H2 200 real_installer.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/10/ 45 KB
45 KB 232ms
231ms Image
image/jpeg 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/10/real_installer.jpg
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: f5220e02a5ce5683ad18312b40255162b7375741e0fa02fa4b5a0e724cfbcf61

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 08 Oct 2020 14:23:16 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 45758

GET
H2 200 Xtd3TnvyHWfJWo5-Dz5VgbBXlefslSbodLMeH-Z7j6ryZp5lbXqAo4Qho2CYhhNdZ3kodoVxpdU8cWX3GQ6Ts6my39lE-6kpLf97mNBqWsJBrCJwbA99XbSyS5jbU6TNRC7Tf8lf
lh4.googleusercontent.com/ 12 KB
12 KB 256ms
256ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/Xtd3TnvyHWfJWo5-Dz5VgbBXlefslSbodLMeH-Z7j6ryZp5lbXqAo4Qho2CYhhNdZ3kodoVxpdU8cWX3GQ6Ts6my39lE-6kpLf97mNBqWsJBrCJwbA99XbSyS5jbU6TNRC7Tf8lf

Requested by

Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c2892c013d3bce21da7802f1af2fd0e5d1047db947fbc899e4cb092cf0825b4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="createservice.png"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12277
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 27 Oct 2020 10:27:46 GMT

GET
H2 200 ransom-540x304.jpg
decoded.avast.io/wp-content/uploads/sites/2/2019/10/ 47 KB
47 KB 242ms
241ms Image
image/jpeg 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2019/10/ransom-540x304.jpg
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: f308183a9aa0417e075c006c9a043f2d4ecbf53c7fb58dd4e758808836f6625b

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 10 Sep 2020 16:59:51 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 47680

GET
H2 200 jose-fontano-pZld9PiPDno-unsplash_edited-540x304.jpg
decoded.avast.io/wp-content/uploads/sites/2/2020/09/ 36 KB
36 KB 232ms
228ms Image
image/jpeg 162.241.248.14
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://decoded.avast.io/wp-content/uploads/sites/2/2020/09/jose-fontano-pZld9PiPDno-unsplash_edited-540x304.jpg
Requested by: Host: decoded.avast.io
URL: https://decoded.avast.io/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.248.14 Brooklyn, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: wp2.bluehost.com
Software: nginx/1.19.0 /
Resource Hash: a8f3c21ec235b928cc493c9bd37cc45d4bf2e66630a38c2193794baaae00d430

Request headers

Referer: https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 15:26:51 GMT
last-modified: Thu, 17 Sep 2020 09:36:25 GMT
server: nginx/1.19.0
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
status: 200
host-header: d3AuYmx1ZWhvc3QuY29t
content-length: 36543

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

decoded.avast.io
fonts.googleapis.com
fonts.gstatic.com
lh3.googleusercontent.com
lh4.googleusercontent.com
lh6.googleusercontent.com
stats.g.doubleclick.net
www.google-analytics.com
162.241.248.14
2a00:1450:4001:800::2001
2a00:1450:4001:801::200a
2a00:1450:4001:803::2001
2a00:1450:4001:81f::2003
2a00:1450:4001:824::200e
2a00:1450:400c:c00::9c
1a978b29056d0376b2765ac18cb61d9f20e65db7cd1343083955b94db11dc08a
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
250fd3e1a88e39683d7798ac68311b15d4dd859903bc8faec08c37c0142f2c72
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
37f5c4d669b6321542b7e9eb1ce0bfdcae63abb5042f28b31c5e592e194c5ee9
482f85441fcf092fd9302fa08a5dae4d43c5277240a7489a0a5bcb38fe32f684
48c273dcbed09b6b87f9365f2f141063f5c859476b53913d94fca1befe90aa0c
4ac781760d8b0bfc4d74d983009b0496ab719902d7147d32e2ca6d62d9e45660
4b5806f91aaf7400568047017a52109397a8c26a41c3bd9f42394e1d0549c551
56a249e2a963e73aae401de2991dfb81883700c9a8db943ee79b1f5c94d063f6
57949531fa389d9231049d557aff639a6155565eae5c757b5223b8e24c701005
5f730e0adb0db34601edf0b7449dae5bcd766311ca1aadf57d58126c554fe2ef
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
628e171e74ea5ae9aa29a128b053f3eb2a6b72b8ffc095deaf62ef5a3ad6ff1f
63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e1ba7b6b625d488b2be3593d5ec5c3fca1fc192e9b3475573bf75af25b4cde9
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
729041faacb90fe7c19f67ca0c389b921e219d1982aea7c98a7e104043287ae0
7307294216c5fbe9ef6a9111f18ed211525f32b556dd343374a1be0e1264faf4
7650a9a626dea790f9ff92fc5a189063505ef870c1867daee0451ad8c83591db
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
891c8366204653036f8259a6eceb3a2f6820f103770bb22dab62b52d77218daa
8a71c8749cc0bb450f96766d4cab3b2b9c4d5a9b30c3683f3a5863d8d2ed9c9a
8b7f6b3b98d203b064eeb91445b8bfc6f5bec3a2e7b76af8a23a7cb6cd0d8add
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
8d97a7cf891b0c3f0448f17d5319aa621e66755fe12f23cd10b83830c2ac8a12
8efd7ef0887f8d97df1f68248a4d6f603ab11021a0f683e61584227ee7a71909
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
976119a6256ba5a34502c5e8fad48bdd8993c0193487704d2ed28d54dcb92a60
9b4cebafdbd3c4e7760d6cd879ea7cc097d139c64e2edf111e9ef1c5e256482e
a61e94c6cee47c0f689736d8b6d3a8ba98f9501a3e834b2cdedc374e4b88c6cf
a8f3c21ec235b928cc493c9bd37cc45d4bf2e66630a38c2193794baaae00d430
b116c00aa639b3afd1c79bb5a7952f73d6c8e3ffd55a35546d6ebf4d4dcc7cfc
b3286ecf74a365433ac5e36f19b40120dee60243880b6a01c46adefe60c04d1b
c17bc39d71c7b7df37447523e000425af9469a925b411e7a17ee15addf26f4b0
c2892c013d3bce21da7802f1af2fd0e5d1047db947fbc899e4cb092cf0825b4d
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
c7d69d84702a9288d0b41d02bd6d47180055d6cb47c980dd1f15508c09989529
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e88d693c54a4ebfee33b0ac41924fbacce73ea68cd23d0928d45bafbb4704c01
e9aeefb16b3c0ef2afed8d77e52fcd696b92264c5ed8d897896b57efe63da01c
ea276ad4b08f0ae806922c7d753177df1e11fcd0e924f1ef34e01593fbd0868d
f308183a9aa0417e075c006c9a043f2d4ecbf53c7fb58dd4e758808836f6625b
f5220e02a5ce5683ad18312b40255162b7375741e0fa02fa4b5a0e724cfbcf61
f9191233f06665045c919afe114da6f2c30675db6d91a2b315990ecb477d3260
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
ff9c887eaac88a3776c7275fc3c1b1beb06ca635fbe382636162d2d5a7851a31

decoded.avast.io Open in urlscan Pro 162.241.248.14 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

50 Requests

100 %HTTPS

86 %IPv6

6 Domains

8 Subdomains

7 IPs

3 Countries

2244 kBTransfer

2712 kBSize

0 Cookies

11 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

decoded.avast.io Open in urlscan Pro
162.241.248.14 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

8
Subdomains

7
IPs

3
Countries

2244 kB
Transfer

2712 kB
Size

0
Cookies

50 HTTP transactions
0 data transactions